Cloud Computing Making Waves
Every once in a while, I’ll do a news search for ‘cloud computing.’ Yesterday was one of those days and while there are always a few stories about ‘the cloud,’ I was somewhat amazed by the number and range of topics that appeared. Also, the most recent issue (Oct 2011) of Consumer Reports had an article about ‘what’s the cloud.’ It was fairly elementary but for some reason when something is covered in Consumer Reports, I tend to think it’s finally reaching the masses. I’m glad they included, ‘Use caution when signing up for any cloud service. Make sure your information is well protected against cyber thieves. The company you're using should encrypt sensitive data and have state-of-the art privacy safeguards. And use strong passwords—a combination of letters, numbers, and symbols in a minimum of six characters’ Yes, we love encryption. And to the search results. With the economy still sputtering along, Forbes had an article talking about how Cloud Computing May be a Shot in the Arm our Economy Needs. On demand applications, pay-as-you-go and agility were common themes, as they have been for a couple years. The author talks about the fear of ‘hollow corporations,’ or those that do not produce and good or services but simply act as middle-men – brokers of services. However, these services are coming from the cloud, delivered via technology from the provider to the consumer. They are not really ‘hollow’ but what is called, ‘loosely coupled’ corporations. How a system or entity can do fine on it’s own, but when coupled with other systems, that’s when the fireworks fly. These providers would simply be the aggregation point of various third-party services which are made available to the consumer on-demand. He talks about how cloud computing can blur the lines between IT consumers and providers. How traditional non-IT companies, like online retailer Amazon, is also a cloud provider and how corporations could build their own private cloud and offer those services to partners and customers. He also looks into how Cloud can get a startup going very inexpensively; how small application shops can survive by selling their innovative software in app stores; and how ‘micro-outsourcing,’ not the entire bundle but pieces of IT resources are becoming more common. He really talks about the business angle rather than cloud technology. When the cloud first started making headlines, there was a notion due to costs and even technical knowledge, that the cloud would be perfect for small businesses. While some SMB took advantage, the big growth came when large enterprises began tinkering with cloud services, albeit with small portions of their infrastructure. Over at SmallBusinessComputing.com, an article called Cloud Computing Tips for Small Business gives small businesses some areas of focus when looking into cloud services. Things like software management, data storage and IaaS as a potential area for investigation for those with equipment like servers that may be nearing end of life. Avoid that onsite upgrade, especially for storage. Security is certainly another area not only for small business but all companies that consider cloud. The cloud can give small businesses (and their customers) that round-the-clock feeling of a large enterprise. Of course, plan and budget wisely, according to the article. We knew it was happening and CIO has an article about How Cloud Computing Is Changing Data Center Designs and Costs. Interesting look at how cloud computing is driving data center design. Formally, the cloud advantage relied on efficient use of current data center design patterns and now the cost basis of data centers is transforming by the creation of new data center designs focused on scale, efficiency and commodity components. They are becoming mass scale computing environments rather than raised floor cages housing individual company servers. Cost is a big topic of this article. Of all the IT services that could benefit from cloud computing, email was always considered a great contender. Jumping on a Gartner report which says Gmail Now Credible Rival to Microsoft Exchange, a bunch of folks wrote about the implications of cloud email. While still only around 4% of the total enterprise email market, Gartner expects it to grow to 20% by 2016 and 55% market share by 2020. Still a way off and lots can happen but certainly a trend to follow. Financial institutions, who may require greater security and other features may not be so quick to adopt, but others are signing up rapidly. One way to transition is to have a hybrid of cloud and on-premise inboxes. Public? Private? Oh, no…it’s Hybrid Cloud to the rescue. Yes Public is growing fast; yes, companies feel more comfortable with Private; but Hybrid might be the best of both worlds. The ability to balance workloads, move peak traffic, outsource less critical apps, adhere to SLAs and overall agility is making Hybrids very attractive to those looking to cloud computing. On any given day a ‘cloud computing’ search can give varying results depending on the hot topics, this time it seemed to return a cornucopia of stories covering a wide section of topics. And now I’m caught up….until tomorrow. ps Resources: Cloud Computing May be a Shot in the Arm our Economy Needs IT Departments as business service brokers Open Group releases a book on reaping cloud's benefits Cloud Computing Tips for Small Business How Cloud Computing Is Changing Data Center Designs and Costs Cloud Computing: Just a Data Center for Hire? Cloud Computing Transforming Contact Center Industry Cloud computing a serious contender for email services Gmail is ready for enterprise IT spotlight, Gartner says Gmail Now Credible Rival to Microsoft Exchange: Gartner Hybrid Cloud Computing gets real Hybrid cloud computing growing quickly F5 Cloud Solutions Technorati Tags: F5, costs, integration, cloud computing, Pete Silva, security, business, education, technology, application delivery, cloud, context-aware, infrastructure 2.0, web, internetHas The Sky Cleared on Cloud Security?
Last year I embarked on a blog series, lead by my trusty advisor CloudFucius, that evolved into an exploration of the numerous cloud computing surveys, reports, statistics and other feelings about the technology. At the time, 4-5 surveys a week were being released covering some aspect of cloud computing and security was cited as the biggest hurdle in almost 90% of the surveys. I also found that availability, control and a general lack of understanding were also drivers in challenges to cloud adoption. Almost 6 months have passed since the last CloudFucius entry and I wanted to see if the same fears were still lingering or at least, were the current surveys reporting the same concerns from a year ago about Cloud Computing. First up, is UK based technology publication, Computing. Working with Symantec.cloud, they surveyed 150 IT decision makers and learned that as more companies embrace Cloud Computing, they are finding that the cloud solutions meet or beat, not only their expectations but also their own existing in-house solutions. While on-premise security solutions might be adequate today, as the security threats evolve, the cloud providers may have the advantage over time due to the infrastructure investments in advanced filtering and detection along with 24/7 trained staff. Last year, availability and uptime also emerged as concerns and today there is great interest in the contractual SLAs offered by cloud providers since it often surpasses what they are capable of in-house. Resiliency and disaster recovery across multiple data centers can ensure that if there is an outage in one location, the customers can still access their data. Management and control still create some anxiety but many IT teams are happy to abdicate routine maintenance, like OS patching and hardware upgrades, in exchange for management SLAs. Now that the hype of cloud services has passed and many providers are proving themselves worthy, it is now becoming part of the overall IT strategy. As the perceived threats to data security in the cloud dwindle, trust in the cloud will grow. The Cloud Connect Conference in Santa Clara also released a survey during their gathering. In that one, elasticity and speed of deployment were the top motivators to using cloud services. Elasticity or the flexibility to quickly add or reduce capacity, can greatly influence the availability of data. These folks however were less motivated by improved security or access to the provider’s IT staff. Their top concerns were data privacy and infrastructure control. I do find it interesting that last year the term ‘security,’ which can encompass many things, was the primary apprehension of going to the cloud while today, it has somewhat narrowed to specifically data privacy. That too can mean several things but areas like outsider’s physical access to systems doesn’t seem to worry IT crews as much any more. When it comes to our school/educational system, Panda Security released a study that focused on IT security in K-12 school districts. Like many companies, they must deal with unauthorized user access, malware outbreaks and admit that IT security is time and resource intensive. They do believe however that the cloud can offer security benefits and improve their overall infrastructure. 91% see value in cloud solutions and are planning to implement over the next couple years with 80% saying improved security was a main reason to deploy cloud-based security. Finally on the consumer front, GfK Business & Technology surveyed 1000 adults about cloud services and storing content in the cloud. With all of our connected devices – cell phone, computer, tablet, etc – there will be a greater demand to move data to the cloud. Not real surprising, less than 10% of the consumers surveyed fully understand what the cloud actually does. The know of it, but not what it accomplishes. With what you don’t understand comes fear. 61% said that they were concerned about storing their data in the cloud and almost half said they would never use the cloud unless it was easy to store and retrieve data. As businesses begin to feel content with the cloud, they then need to both educate and communicate cloud benefits to their consumers. So it does appear like comfort with the cloud is beginning to take hold and as cloud offerings mature, especially around security, err ah, I mean data privacy solutions, the fear, uncertainty and doubt from last year is starting to loosen and it sure seems like greater adoption is on the horizon. And one from Confucius: They must often change who would be constant in happiness or wisdom. ps Resources: CloudFucius Closes This Cloud Canon Content security in the cloud - no longer hot air Cloud-based IT Security at a Tipping Point Reader Forum: The importance of cloud computing in mobile security Panda Security Study Reveals 63 Percent of Schools Plagued by IT Security Breaches at Least Twice a Year Cloud computing: What it can do for you and your business Just Don't Call It A 'Cloud' Defining enterprise security best practices for self-provisioned technology What do security auditors really think? Private Cloud Computing No Safer than Public Cloud Survey Shows Businesses Interested, But Still Conflicted, About The Cloud Cloud Computing Has the Power to Enhance Consumer Data Consumption, But Obstacles Hinder Greater Short-Term Adoption
When Planning Disaster Recovery, Don’t Forget the Small Stuff
As solid and reliable as fishtanks and rifles are, they share a common weakness. The tiniest crack in either will eventually destroy the entire product. Why did I choose “fishtanks and rifles”? Lori and I’s hobbies include those two items, but there are other things the same applies to. My oldest son said his tom-tom had a crack at the bottom, and I made the same observation to him… Best to get that fixed now, since the point of a drum set is to beat on it and make vibrations, I can guarantee what will eventually happen if nothing is done about that crack. A small crack in the barrel of a rifle is likely to become dangerous rather quickly. When you think of danger from rifles, you don’t generally think of danger to the operator, but in this case it is. Or those nearby. This is more of an issue for someone like myself who collects older rifles than for the guy that’s buying brand new rifles with tungsten barrels and chrome lined chambers, but it is a truth of all rifles, the pressure used to expel a bullet is far too much for a crack to remain a crack. The same is true of fishtanks. It does not matter how many tens of thousands of dollars you’ve invested into your aquarium setup, glass (or plexiglass) with gallons and gallons of water pushing on it will eventually give way around a crack – there’s just too much pressure to contain the problem without repairs. And repairs generally include emptying the tank, which is a hazard-prone operation for all of the beings you’re keeping in it. When planning your disaster recovery, you need to identify the places that are going to be under pressure in the event of an emergency and make certain they are solid enough to handle the increased pressure that downtime and recovery from downtime will create. There are several things that spring to mind, some of them you no doubt have covered, some, if the buzz out there in the enterprise world is to be trusted, you do not. While we could go through the whole monster list, let’s just stick to one that lots of organizations seem to miss or put as a low priority – the backup WAN connection. Some of you don’t have one, and that really is planning for outages, as long as your organization is good with that, you’re probably fine. Most organizations are only good with it until they have to pay the piper, then there is a scramble to make sure that never happens again. Eventually, be it from a router misconfiguration or a bad piece of hardware, or sun spots (sorry, been reading BoFH), your primary vendor will go down. Having a backup is insurance against that day. But having a backup WAN connection is also a lot of work, and that’s where most of you have found yourself hovering. Merely putting in a backup WAN connection is a start, but you have to configure failover, test the configuration, etc. And then you need to revisit it on occasion. The one thing that we’re going to see more of in the future is sizing issues. When the volume of data that you are pumping through your primary WAN connection is on the rise, you have to make certain that your backup connection can keep up with requirements should it be required. There are of course a variety of ways to go about this, with getting a larger connection, making sure your WAN Optimization products switch over when the connection does, and defining which services can be cut should there be an outage on your primary connection being the top three. My new IBM Hardware, as mentioned on the InfoSmack podcast Not selling you anything, just pointing out that you need to keep your eye on all of the pieces. When your primary WAN connection goes down because someone dug through a wire, all that money you paid to set up a backup WAN connection is either going to pay off or not. Since you’re paying for it, I thought I’d give you a friendly reminder to review your architecture and make certain you have everything set to get the benefit of the connection when it is needed.With Clouds Everywhere, It Is Bound to Rain
I was pondering the weather in Northeast Wisconsin this morning, it’s gloomy and oppressively hot. Between heat and humidity, I’d say it felt more like the US’s Pacific Northwest than the Midwest. And it’s been that way all summer. We’ve been plowed under with 80+ percent humidity for months, and every once in a while the temperature dips to remind us that we’re in Wisconsin. It is the last day of August, tomorrow is September, when cool and wet is supposed to start converging upon us. It will be a relief after months of hot and humid. But the one thing we’ve had plenty of this summer? Rain. Lots and lots of rain. Like I said, Pacific Northwest. And that’s one thing that is certain, where there are a lot of clouds converging, you get rain. If you’re unlucky, you get thunderstorms and lightning also. That is something I’ve been considering also of late. As you move to cloud, let us assume that you have an internal cloud, two external providers (like any other vendor, to keep the primary honest), two external cloud storage providers, and possibly a few stray apps that are served in a manner similar to cloud but are SaaS in a pretty dress. Image Courtesy of FloridaLightning.com By the way, links are now auto-generated by a great little WLW plug-in developed for us by Joe Pruitt.CloudFucius Counts: Cloud Outages
Well, maybe CloudFucius doesn’t but a couple websites do. Matching the same uptime guarantees that you have with your physical infrastructure can be hard to accomplish. While some companies, mostly smaller enterprises, have put all their systems in the cloud, most deployments are ‘extensions’ of existing infrastructures to provide fault tolerance, disaster recovery and all the other situations where the cloud is advantageous. We all know that the Internet, in and of itself, can have good days and bad – but we somewhat expect this from time to time. We understand that there are innumerable events that can drastically effect the internet and most of those are out of our control. While it may irritate us that we can’t get to our favorite website or work application, we generally move on to the next or wait a few minutes and try again. However, patience and understanding are usually not the headlines used when describing an IT admin when critical business systems are unavailable. Uptime can also be a nebulous thing – connection is available but the servers are down; servers up but fiber cut; site available but database/authentication/search or other functionality are unavailable. We hope that the provider has redundancy and other measures to ensure systems, infrastructure and data centers are available. We’ve expected this for all the years we’ve put servers in co-lo facilities and hosting data centers and should ask the same ‘availability’ questions of our cloud providers that we’ve demanded from our raised floor vendors. Now there are a couple websites where you can check things like cloud outages and cloud security incidents. CloudFail.net is a site that monitors service updates from the leading cloud vendors and aggregates those feeds into a simple blog format. It allows you to ‘keep an eye’ on cloud providers and get compiled information regarding outages. An August 11th entry shows the entire thread of a Google Mail issue, tracking it from the initial 4:10am occurrence to the final resolution alert at 2:48pm. Cloutage.org is an Open Security Foundation project that documents known and reported incidents with cloud services along with providing current news on cloud security. They provide a couple charts right from the main page showing the latest Cloud Incidents (outage, dataloss, etc) along with the latest Media Reports surrounding cloud security. These sites should help cloud prospects along with cloud users stay informed about what happening in the haze. And one from Confucius: Be not ashamed of mistakes and thus make them crimes. ps The CloudFucius Series: Intro, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 Resources: CloudFail.net: Posting Failures of the Most Popular Cloud Providers Cloutage Getting the most out of the cloud Not always Cloud-9 Time to lay down the cloud computing law for uptime How Fast Can a Cloud Run?
Damned if you do, damned if you don't
There has been much fervor around the outages of cloud computing providers of late, which seems to be leading to an increased and perhaps unwarranted emphasis on SLAs the likes of which we haven't seen since...well, the last time the IT saw outsourced anything reach the hype-level of cloud computing. Consider this snippet of goodness for a moment, and pay careful attention to the last paragraph. From Five Key Challenges of Enterprise Cloud Computing I won’t beat the dead “Gmail down, EC2 down, etc down” horse here. But the truth of the matter is enterprises today cannot reasonably rely on the cloud infrastructures/platforms to run their business. There’s almost no SLAs provided by the cloud providers today. Even Jeff Barr from Amazon said that AWS only provides SLA for their S3 service. [...] Can you imagine enterprises signing up cloud computing contracts without SLAs clearly defined? It’s like going to host their business critical infrastructure in a data center that doesn’t have clearly defined SLA. We all know that SLAs really doesn’t buy you much. In most cases, enterprises get refunded for the amount of time that the network was down. No SLA will cover business loss. However, as one of the CSOs I met said, it’s about risk transfer. As long as there’s a defined SLA on paper, when the network/site goes down, they can go after somebody. If there’s no SLA, it will be the CIO/CSO’s head that’s on the chopping block. Let's look at this rationally for a moment. SLAs really don't buy you much. True. True of cloud computing providers, true of the enterprise. No SLA covers business loss. True. True of cloud computing providers, true of the enterprise. What I find amusing about this article is that the author asks if we can imagine "signing up cloud computing contracts without SLAs clearly defined?" Well, why not? Businesses do it every day when IT deploys the latest "Business App v4.5.3.2a". Microsoft Office 2007 relies heavily on on-line components, but we don't demand an SLA from Microsoft for it. Likewise, the anti-phishing capabilities of IE7 don't necessarily come with an SLA and businesses don't shy away from making it their corporate standard anyway. In fact, I'd argue that most cloudware today comes with an anti-SLA: use at your own risk, we don't guarantee anything. The CIO/CSO's head is on the chopping block if he does have an SLA, because there's no guarantee that IT can meet it. Oh, usually they do, because the SLA is broadly defined for all of IT in terms of "we'll have 5 9's of availability for the network" and "applications will have less than an X second response time" and so on. But it isn't as if IT and the business sit down and negotiate SLAs for every single application they deploy into the enterprise data center. If they do, then they're the exception, not the rule. And the applications this is true of are so time-sensitive and mission critical that it's unlikely the responsibility for them will ever be outsourced. Financial services and brokerages are a good example of this. Outsourced? Unlikely. The IT folks responsible for the applications and networks in those industries are probably laughing uproariously at the idea. The argument that an SLA is simply to place a target on someone's head regarding responsibility for uptime and performance of applications is largely true. But that would seem to indicate that if you're a CIO/CSO and can wrangle any SLA out of a cloud computing provider that you should immediately use them for everything, because you can pass the mantle of responsibility for failing to meet SLAs to them instead of shouldering it yourself. This isn't a cloud computing problem, this is a problem of responsibility and managing expectations. It's a problem with expecting that a million moving parts, hundreds of connections, routers, switches, intermediaries, servers, operating systems, libraries, and applications will somehow always manage to be available. Unpossible, I say, and unrealistic regardless of whether we're talking cloud computing or enterprise infrastructure. Basically, the CIO/CSO is damned if he has an SLA because chances are IT is going to fail to meet them at some point, and he's damned if he doesn't have an SLA because that means he's solely responsible for the reliability and performance of all of IT. And people wonder why C-level execs command the compensation levels they do. It's to make sure they can afford the steady stream of antacids they need just to get through the day.
