The Three "Itys" of Cloud Computing
No matter where you deploy it, it's still your application | Related Reading |
Everyone's talking about cloud computing and cloudware (applications in the cloud) services and pointing to the hiccups of several major cloud providers already this year. Reliability, availability, and security are still major concerns, and yet some reports indicate these three "itys" aren't impeding adoption of cloud computing models at all. Applications, whether in the cloud or in the corporate data center, are still delivered via a network. It is more often than not that the network is at the heart of both the successful and the unsuccessful deployment of applications. | Cloud Computing Adoption Grows Despite Concerns Cloudware and Information Privacy: TANSTAAFL Bursting the Cloud |
The appeal of cloud computing is, in part, due to its obfuscated nature. The underlying delivery infrastructure is hidden in "the cloud" and can therefore largely be ignored by consumers - whether individuals or organizations.
Or can it?
In June, Analyst firm Gartner published a research note ("You Can't Do Cloud Computing Without the Right Cloud
(Network)", June 23, 2008, ID Number: G00158513) cautioning early adopters to be more aware of the infrastructure that is the core of cloud computing.
The promise of cloud computing is ubiquitous access to a broad set of applications and services,
which are delivered over the Internet and related networks, to multiple customers.To deliver on that promise, the cloud must provide a rich set of network services to a broad set of applications and services. Not all applications are the same: some will only require the basic capabilities available on the public Internet, while others may require an overlay on top (the "augmented Internet"), or even a private, Internet Protocol network with application-specific capabilities. What may work for one subscriber of a cloud-based service may not be appropriate for another, so cloud computing providers need to understand network delivery issues and be prepared to deliver multiple cloud network options to their subscribers.
Options are not only a concern for the providers, but should be a concern for subscribers. It behooves the subscriber to be aware of the needs of their application(s) and ensure that the cloud computing provider can meet those needs.
While cloud computing can certainly alleviate the cost of maintaining an application delivery network from the shoulders of the organization, it is not erased; only shifted to the provider. But the responsibility for ensuring that applications are delivered and performing well still lies with the organization. After all, the allure of cloud computing is often that the consumer of applications does not care - nor needs to care - where the application physically resides. The application consumer cares only that the application is secure, fast, and available.
That means it is still important for organizations deploying applications in the cloud to ensure that the application delivery network over which a cloud computing provider will deliver applications has implemented an infrastructure that adequately addresses the three "itys" of cloud computing: reliability, availability, and security.
RELIABILITY | AVAILABILITY | SECURITY |
Reliability is generally a measure of how long a system remains available between failures. It is often reported in terms of "Mean Time Between Failures (MTBF)". Reliability can be measured either on an individual infrastructure component basis or, more appropriately for cloud computing, on a system wide basis. | Availability is a measure of application downtime, often presented as the number of "9s" an application is or has been availability in a given time period. Availability is often assured through the use of network infrastructure such as application delivery controllers as these solutions are capable of reacting dynamically to changing conditions in the network and application infrastructure and can direct requests in such a way as to ensure they are responded to. | Security is a broad topic covering both the protection of data in-flight and at-rest as well as the real-time interactions of applications. Security of the entire application infrastructure stack - from layer 2 to layer 7 - should be evaluated. It will not do to secure the application against vulnerabilities if a simple layer 4 DoS attack can prevent the application from being used. |
QUESTIONS TO ASK | QUESTIONS TO ASK | QUESTIONS TO ASK |
Ask your cloud computing provider about the reliability of servers, routers, switches, and delivery network infrastructure. Ensure that the underlying infrastructure has been architected using solutions from reputable vendors. If you wouldn't deploy the solution(s) used in your own data center, you might want to consider other cloud computing provider options. | Ask if load balancing and application delivery features are part of the solution. If they are, ask what kind of control you have over the configuration and options: are applications simply load balanced using standard algorithms or are more advanced options in place to assure availability? Can the infrastructure react dynamically? Can it automatically redirect requests from slow or down servers to faster, more available ones? | Ask about security in place for all layers of the application stack. Are common layer 2-3 attacks mitigated? How are layer 7 (application) vulnerabilities addressed? Investigate the three AAAs of security: authentication, authorization, and auditing, to understand what measures are in place to help ensure your cloud-based application is secure. |
Note that despite the hype around virtualization and the way many people like to tie it to cloud computing like a tick on a dog, it doesn't end with "ity". What does that mean? It means that while virtualization is currently enabling many of the cool "tricks" associated with cloud computing, without the right infrastructure it doesn't matter one iota whether virtualization is involved. If you can't reliably access the applications running in that virtual image, does it really matter whether it's virtual or not?
Cloud computing isn't going away and it's likely that you'll use it in one way or another to deploy an application. Because that application is "in the cloud", consumers of that application don't know - or care - where it's physically deployed. You are responsible for its performance and availability, and it's you that will field the calls if it fails or performs poorly. You can mitigate much of the potential risk by ensuring that you choose a cloud computing provider with a strong cloud computing infrastructure; one that has addressed the three "itys" of cloud computing.