CloudBzz

This morning kicked off the Enterprise Cloud Summit @ Interop in Las Vegas.  Allistair Croll from Bitcurrent is running the sessions today and started us off with a fairly interesting counterpoint to Nick Carr’s assertion that computing is quickly morphing to a model analogous to an electric utility.  His points about the dearth of standards and interoperability, and the fact that so much of computing requirements vary from consumer to consumer, make sense.  In contrast, electricity is a standard, fully interoperable, and generally homogenized.  

Paul Mockapetris, Chairman and Chief Scientist, Nominium, Inc.  “A brief history of Cloud Computing”

Paul gave a talk on the history of the cloud, starting back at the RAND Institute in 1960-62 with their work on distributed communications networks – which eventually led to the internet.  This was only moderately interesting and mostly review for the people in the audience.  His most interesting point was that the bottom of the stack may standardize over time – much like IP underpins all networking today.   The key however, is that users must be free to choose vendors, move their apps, set their own metrics, etc.  

This is a busy week for cloud computing conferences. If you are attending any of these conferences and want to submit stories to CloudBzz, contact us immediately. John Treadway will be at Interop and the Enterprise Cloud Summit in Las Vegas.

May 18-19 Cloud Computing Expo, Prague

May 18-21 Enterprise Cloud Computing Summit, Las Vegas

May 20-21 Cloud Expo Europe, London

Let’s see if we can make some thunder in the cloud!

In a new report, “How secure is your cloud?,” Forrester Research analyst Chenxi Wang cautions IT to fully evaluate security issues before moving to cloud deployment models. I won’t recap the article here, but it goes over some fairly obvious information about the security implications of any new computing architecture.

There are several vendors with security offerings for cloud computing, and the Cloud Security Alliance has published an excellent Guidelines document to help IT managers make the right moves.  Also, here is an excellent video of BT Global Services CTO Bruce Schneier facing off against Tenable Network Security CTO Marcus Ranum.

The more security remains a barrier to adoption for cloud companies (IDC puts security as the #1 inhibitor), more opportunites will be created for existing and new security vendors to bring solutions to plug the gaps and make IT more confident in the cloud.

The “what is the cloud” debate continues unabated. I’m a bit of a purist on this issue and am actually going to contradict a bit of what I said in my earlier post “Clouds have Layers.”

If you think of it from the perspective of the application or a set of data (e.g. personify the application and data for a moment), a compute cloud allows me to operate without consideration of where my bits and operations physically reside or execute, and the resources I consume are reasonably elastic – they are cloud-like. The cloud is the container, transport and resource pool.

I would argue that SaaS environments that are contained in a closed private data center container (either the vendor’s own facility, or co-located in a hosting facility) are not of the cloud. Multi-tenancy is not the cloud, though it is a technique that perhaps makes using a cloud easier. A multi-tenanted CRM application delivered as a service to end users can be in the cloud, or in a constrained pool of physical servers under the control of the CRM vendor. It is neither defined by, nor does it define, cloud computing.

Were I to deploy a “private cloud” in an enterprise context, the results would be the same. The developers of applications would see a “cloud” of resources into which their code can be poured that would enable reasonably elastic scaling (up and down) as needed. It could be a native Java, Rails, or .NET application, or it could be an application built on a PaaS-like framework similar to Quickbase or force.com. In either case, the cloud “vendor” in this case would be the IT department. It would suffer from a more limited scaling ability (a massive spike could require new hardware to be provisioned, killing the elastic illusion), would still consume internal resources on physical asset management (negating many of the cost advantages), and may have other limitations not present in public cloud infrastructures.

What you may see at some point is the concept of a “publicly-extensible private cloud” where IT builds and manages a cloud infrastructure that cross-connects to one or more public clouds to manage overflow scaling. Applications are still under the watchful eye of IT, but can use the virtually unlimited public cloud capacity when needed.

Enomaly CEO Reuven Cohen makes the case that Cicso, VMWare , Enomaly and many other vendors are rolling out solutions to allow traditional hosting providers to become cloud infrastructure players. It makes sense – the old model of racks filled with your own servers, fixed monthly bandwidth and power charges, and late night trips to replace faulty hardware is going the way of the buggy whip.

So, if this is true, what is the impact of hundreds of hosting providers joining the ranks of Amazon, Google and other “public cloud” providers? Initially, there will be massive disruption and confusion as all of these providers vie to compete in the cloud infrastructure market. Each of these clouds will be separate and distinct, with no portability or interoperability.

Even now, companies are springing up to stitch the clouds together. The first focus is on independence, with services like RightScale or CloudKick (recently previewed at Under the Radar) enabling portability between clouds. Over time this could migrate to services that automatically distribute applications, content and data across these clouds.

As a general rule, these services will be quite useful in a number of instances, but will add costs to the value proposition. Companies will have to purchase the unified service through these new vendors. The portability/interoperability value proposition won’t be enough for these vendors to have a long-term business, but they can add a lot of services around security, management and more.

Think of telecommunications, power and other utility networks. Most started off independently. Over time they achieved interoperability to greater or lesser degrees. Ultimately, most of the cloud infrastructures will be stitched together through standards and integration activities to create a single unified master cloud architecture. Some will choose not to join, but you can be sure that a huge portion of global computing infrastructures at some point in the future will be addressible as a single cloud.

Forrester analyst Chenxi Wang recently released a ereport titled “How Secure is Your Cloud?” This report seeks to highlight the increased risk that IT departments face when considering cloud infrastructures for their applications.

“Cloud computing decouples data from infrastructure and obscures low-level operational details, such as where your data is and how it’s replicated,” Wang writes. “Multi-tenancy, while it is rarely used in traditional IT outsourcing, is almost a given in cloud computing services. These differences give rise to a unique set of security and privacy issues that not only impact your risk management practices, but have also stimulated a fresh evaluation of legal issues in areas such as compliance, auditing, and eDiscovery.”

It seems that one of the core issues they have is with multi-tenancy. Done correctly, a multi-tenant architecture is very secure. However, given the black-box nature of most cloud/SaaS/PaaS environments, it’s hard to evaluate if the proper security controls are in place.

Perhaps this is where initiatives such as the Cloud Security Alliance could be very useful to IT groups sorting through their risks and opportunities in the cloud.

Gartner analyst Lydia Leong was kind enough to respond to an email I sent her regarding this debate over Gartner’s $46 billion cloud computing market.  To be clear, I enjoy Ms. Leong’s CloudPundit blog and generally believe that she gets cloud computing.  She was kind enough to respond to my email with her thoughts up on CloudPundit.  

Here is an excerpt of my reply:

Thanks for responding.  I have access to the press release – not the full report.  The press release disputes what you say.  It talks only about IT services and not consumers (the words “consumer” or “consumerization” are not used in the release).

While I get the point about some traditional IT services being advertiser supported, this represents a very small fraction of both advertising and IT functions.  Corporate email moving to the cloud (or more typically, SMB and nonprofit email), can be ad-supported and this qualifies in your offset.  However, most of Google’s, Yahoo’s and Microsoft’s ad revenue comes through either their home page search or through Adsense or other types of placement on millions of web sites – most of which provide no IT-related service.  Also, auction-based pricing for advertising (e.g. AdWords) is not nearly all online advertising.  Much is CPM-based and these types of ads are also used to support Web sites with IT services being supported.  In fact, selling ads on a CPM basis is typically far more profitable for the service provider than AdWords.

If you’ve seen the ad business lately, you’d know that it is virtually impossible for most businesses to live on ad revenues and provide a reliable and valuable service.  Most cloud services will be paid for through any of a number of pricing models, but advertising won’t be a significant percentage.

Further, the press release makes a SaaS/cloud distinction around “true multi-tenancy,” which is not how advertising auction systems work.  These are traditional Web apps that do not need to adhere to multi-tenancy models because the users are not able to modify how they operate or extend them intrinsically.  

By lumping advertising, e-commerce, payments and online HR services into your definition of cloud computing, Gartner dilutes the term into a state of total irrelevancy.  What you really seem to mean when you say this is cloud = every internet-delivered service that remotely touches corporate IT.   

Gartner’s definition of cloud computing is at odds with the U.S. Government (http://csrc.nist.gov/organizations/fissea/2009-conference/presentations/fissea09-pmell-day3_cloud-computing.pdf), McKinsey (http://uptimeinstitute.org/content/view/353/319), IDC (http://blogs.idc.com/ie/?p=190), U.C. Berkeley (http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.html) and nearly every other definition that’s out there.  It provides no actionable value, which in the end is where Gartner tends to shine, and it’s not defensible in any discussion with practitioners and other experts.

I had asked a few people at the Gartner outsourcing meeting if they agreed with your definition of Cloud Computing.  Most said no, some snorted derisively, and one commented that “Gartner’s late to the party as usual and isn’t dressed properly.  They just don’t get the cloud yet.”  These were all Gartner clients, not vendors.

 

 

“Is it confusing to see the giant number with advertising included? It can be. I often start off descriptions of our forecast with, “This is a huge number, but you should note that a substantial percentage of these revenues are derived from online advertising.” and then drill down into a forecast for a particular segment or subsegment of audience interest.

Giant numbers can be splashily exciting on conference presentations, but pretty much anyone doing anything practical with the forecast (like trying to figure out their market opportunity) looks at a segment or even a subsegment.”

For those of you getting into the Cloud Computing world, the established hierarchy of the cloud these days is as follows:

SaaS has been around for many years – first known as ASP (application service provider) in the 1990′s.  The most famous has been Salesforce.com’s CRM/SFA application suite.  In fact, any application delivered over the internet and hosted remotely can be called SaaS – including ADP’s hosted payroll services, QuickBooks online, and tens of thousands of applications from thousands of vendors.

PaaS is a relatively new phenomenon, popularized again by Salesforce.com when they opened up their platform through their force.com offerings.  This allows you to use their underlying data models and constructs to write your own applications which they host.

Finally, and most excitingly, Amazon with their AWS offerings has created this new category of virtualized data center infrastructure.  Remote hosting has been around forever, but Amazon has taken it way beyond this.   Google’s AppEngine, Microsoft’s Azure and RackSpace’s Mosso are also IaaS offerings.  And there are many more to come.  

All of this reminds me of one of my favorite scenes from Shrek…

As reported in Government Technology on May 1, the U.S. General Services Administration (GSA) has moved the USA.gov information portal to a flexible cloud-based platform provided by Miami’s Terremark Worldwide.

[GSA acting associate administrator Martha] Dorris said the move will cut the portal’s infrastructure costs by as much as 90 percent and improve its capabilities. “We’re saving money and we’ll have a flexible infrastructure,” she said, adding that complete migration to the new platform would be done by September.

If the U.S. Goverment is willing to deploy large (100 million visitors) and important systems to cloud infrastructures, why would enterprise IT groups hold back?

An intersting article from Reuters highlights a few of the companies receiving VC funding for cloud computing plays.  There are several others, including some that are in stealth mode still.  What does this mean?

First, cloud computing is starting up the hype curve in a big way.  Second, there are smart people building very valueable extensions to core cloud infrastructures from Amazon, Google, and others (mostly Amazon at this point).  The gaps are being filled by start-ups and making cloud adoption easier and more manageable.  Lastly, there will be so many new companies and products in this space that companies will need help sorting through the options and leveraging them for value.

It’s an interesting and exciting time.  Let’s have some fun!

Here are the younger start-up companies mentioned in the article.