cloud tutorial home
  Cloud Computing Types
  NIST Cloud definition
  Cloud Computing events
  Free Applications
  Storage space on web
  Online Image Storage
  Books on Cloud
  Related Technologies
  Cloud computing sites
  Pricing
  Making Software a Service
  SOA Governance
  Symposium Offer
  about theCloudTutorial
  SmartPhone

  Articles

  Hadoop
  Cloud Computing Standards
  Virtualization
  Multi-tenancy
  Cloud computing Economics
  force.com platform
  CloudComputingPlatforms
  cloud computing & SOA
  Panda Antivirus

  Cloud Vendors

  Cloud Computing Vendors
  Adobe
  Amazon
  AT&T Synaptic
  GoGrid
  Google
  IBM
  Microsoft
  Rackspace
  SalesForce
  Zoho

  Leader interview

  George Reese
  Marc Benioff
  Michael Miller
  Rick Jackson
  Tim Mather
  Toby Velte
  Raju Vegesna
 
Welcome to www.thecloudtutorial.com
home | Cloud Types | Related Technologies

Why Cloud Computing

This excerpt is from the eBook, Silver Clouds, Dark Linings: A Concise Guide to Cloud Computing authored by Archie Reed and Steve Bennett, published by Pearson/Prentice Hall Professional, Sept. 2010, ISBN 0-131-38869-X, Copyright (c) 2011 Pearson Education, Inc. For a complete Table of Contents please visit Informit. ?
Figure 1: Put everything in the cloud by Geek and Poke.


Cloud services are arguably the most rapidly growing and evolving approach to delivering applications and services from anywhere to any customer, on any device. A shift is happening with cloud computing that spans the realms of technology and business; a shift that will dramatically change business and how it uses technology to deliver on its requirements. Are you

The Cloud Services Market

Cloud is a logical but fundamental shift in how individuals, enterprises, governments, and more conduct business, interact, and use technology. The ability to have specialized tasks undertaken by third parties is the way in which business has evolved for decades. Think of FedEx for logistics, supply chain, and transport services; ADP for payroll, HR, and benefits administration; the Big Four accounting firms for tax and audit capabilities; or one of the many production facilities located around the world. This ability to hand off critical tasks that can be done more efficiently by a third party, whether they are core or noncore to your business, is a common business model and is how cloud services can benefit you, too. There are several dimensions to cloud computing. Commonly, you will experience sales pitches in terms of public and private cloud solutions— public clouds being solutions offered by third parties, and private clouds being cloudlike solutions you implement within your own data centers. Regardless of where the cloud service is housed however, the benefits are found in being able to pick and choose the most appropriate service when needed, and your business becomes focused on optimizing your own unique IP, business methodologies, and capabilities, while linking in the nonessential services from the best source. It is about delivering quickly and supporting your operational agility.

And it is critical that you understand how you can take advantage of the best opportunities for your organization, too, because your partners and competitors are likely already doing so. A study in August 2009, by F5 Computing of more than 200 mid- to large organizations found that 80% were in trial stages for public and private cloud services deployments for their businesses. Organizations are adopting cloud services aggressively, as detailed in Figure 1.1, with 50% reporting that they have already deployed a public cloud services implementation. Consequently, cloud services are also meriting budgetary consideration, with 66% of respondents indicating that they have a dedicated budget for cloud services initiatives.

Most types of organizations can benefit from cloud services. Large enterprises can often find private clouds compelling because they deal with the maintenance or replacement of legacy systems, cost management, the requirements to launch new services faster, and similar broader competitive issues. Small companies and start-ups can find it easier to make use of the newer business solutions and offer new services to compete with established or much larger competitors. Almost all organizations experience business pressures that can be alleviated through the right application of cloud services.


FIGURE 1.1
Stages of use for a public cloud and a private cloud.

Legacy solutions must provide a baseline of capabilities, from supporting existing data to providing appropriate new or improved functionality. In addition, until cloud services are seen as being a dominant model for IT delivery, the use of cloud services may be politically sensitive in some organizations, for either valid regulatory, governance, or security reasons, or alternatively, from a job-security perspective. (In Chapter 12, “Creating a Successful Cloud Roadmap,” we discuss the chasms that need to be crossed for different types of organizations, and this is one area in which organizations require best practices before moving forward.) These organizations are definitely more likely to use or be aligned with private clouds, because IT departments try to leverage internally cloud architecture benefits to optimize their data centers. This is often portrayed as, and sometimes parlayed into, an entrée to more-public cloud options.

New solutions have an advantage of generally being able to be architected to use new technologies. This is certainly true for most start-ups benefiting from public cloud offerings. In particular, infrastructure offerings of storage, compute, and networking enable a start-up to create its solution without significant investment in such hardware and its related installation and management requirements. The same potential is there for larger organizations that need immediate capacity without a hit on capital expenditure.

Governments are seeing similar reasons to chase cloud solutions. On September 15, 2009, Vivek Kundra, chief information officer (CIO) within the U.S. Office of Management and Budget, gave a talk at NASA Ames Research Center on the administration’s long-term cloud computing policy. In that talk, Kundra noted that of a $77-billion federal IT budget, the U.S. government spent $19 billion on infrastructure alone. The key goals were noted as cutting costs and reducing the environmental impact of the government’s computer systems. Citing examples, such as in doubling of federal energy consumption between 2000 and 2006 and duplication of efforts and associated costs across agencies, Kundra saw cloud computing as an incredibly strategic force to mitigate these challenges.

October 2009, IDC released its “IT Cloud Services Forecast: 2009-2013,”1 and estimated that of the $400 billion customers would spend on IT, $17.4 billion (5% of spend) will be consumed as cloud services. By 2013, customer spending on IT cloud services will grow almost threefold, to $44 billion (10% of spend). While acknowledging there are risks, the expectation is that few mission-critical systems will be moved to the cloud, but significant benefits can be gained elsewhere through nonessential and controlled approaches.

January 27, 2010, the U.K. government announced its strategy to create a private governmental “cloud computing” solution. As reported in the Guardian,2 this is “part of a radical plan that it claims could save up to £3.2bn a year from an annual bill of at least £16bn.” In one example of expected benefits, they note that “cloud-based infrastructure could cut costs of government computing significantly and also satisfy its drive for a ‘green’ agenda by reducing power usage. The Inland Revenue, for example, is presently seeing a huge demand for its online tax return system—but that peaks every tax season and then drops substantially.”

Obviously, the goal is to support the peaks and valley's as needed, and share the resources among other departments throughout the rest of the year. Fundamentally, the market for cloud services is nascent but growing explosively due to a combination of unbridled exuberance, and even more important (as we examine in this book), a compelling set of business drivers. Guy Rosen’s State of the Cloud for May 20103 shows that of the top 500K sites worldwide, more than 3,000 sites were hosted by cloud infrastructure service providers as of April 2009 and more than 5,000 sites by April 2010. That’s around 40% growth year over year. But, as noted in the same report for March 2010, cloud solutions constitute just 1.01% of the sample. Looking at the higher-level cloud services is more challenging as a whole, but almost every version of the metrics shows significant growth, too. A poster child for cloud services is Salesforce.com. Their 2010 annual financial report showed year-over-year worldwide growth of 17,000 corporate customers to a total of 72,000, just shy of 31%.Fiscal year revenues for 2010 were $1.3 billion, a 21% year-over-year increase. The growth in cloud services based on vendor metrics so far is remarkable, and the room to grow is immense. The business drivers for cloud services include intense economic pressures and harsh realities being experienced globally, time-to-market concerns, competitive pressures, criminal threats, and more.

Cloud services have achieved a level of awareness faster and greater than many previous technology solutions. Cloud services are having a global impact in so many aspects of the business world right now, from individuals to global corporations, from small businesses to the largest of governments, from the richest nations to the poorest. Even senior executives are asking their CIOs what the “cloud strategy” is. However, confusion surrounds what cloud services are, and how to best capitalize on all the options available. With these factors in mind, it is also the case that those interested and ultimately influencing a cloud strategy range well beyond technology professionals. The use of cloud services will increase significantly as a result. So, there are lots of silver clouds offering huge cost savings, speed of delivery, and more. However, there are some dark linings in those clouds, and risks are being ignored as the allure of cheaper solutions becomes a focus. The goal of this book is to help you develop the best approach for your organization to get the most from cloud services solutions.

Cloud is not a panacea!

It is neither possible nor sensible to wholesale move your entire enterprise to using cloud services and thus prosper. Established business will have existing, often purposebuilt infrastructure that they depend on. Larger organizations will be especially aware of their existing systems on which they depend and cannot change in an instant. Concerns about performance, reliability, availability, and security are often mentioned as barriers to adopting cloud services, and the subsequent requirements must be understood to successfully manage any migration and the associated risks. This generally requires longterm planning and project management. Smaller organizations, start-ups especially, are looking for and are able to gain immediate benefits from cloud services. They can adapt and manage the risks because the cost benefits have significantly greater weighting in such evaluations.

It is sensible to look for a combination of tactical and strategic moves to take advantage of the opportunity cloud services offer. It makes sense to focus on key initiatives and requirements that can be met by cloud services. It makes sense to piece together the right parts of cloud services to improve your business processes, speed up system and product delivery, or even create a completely new product or business. Consider how small concepts and capabilities joined together can create something incredible!

Robert Kearns invented the intermittent windshield wiper in 1963, and filed his first patent around the technology in 1964. After showing his invention to several car companies, Kearns saw the concept stolen and patents infringed when major car companies started to roll out their own. The road to common use of the intermittent wiper and the subsequent decades of lawsuits against Ford, Chrysler, General Motors, and Mercedes for patent infringement forms the basis of the 2008 film Flash of Genius. The courtroom scene was compellingly watchable, as Kearns argued against the Ford lawyer’s charge that the patent was invalid because it was an obvious use of existing parts. Not so obvious is a core requirement for a valid patent. This argument was countered by Kearns, who showed that although it may have been made of common components, the resultant solution was far from common, but rather gestalt.

Whereas Ford asked a scientist to testify that the invention was a simple set of existing circuits, Kearns pointed out that when Charles Dickens wrote the classic Tale of Two Cities, it was not the use of common words that made it great or original, it was the arrangement of them into something new.

In many respects, cloud computing can be seen as a set of simple components, technologies, and processes, itself built upon a legacy of more common ones. Yet with a flash of genius, the cloud can deliver new, unique, and incredibly valuable solutions. The cloud offers an immense wealth of choice components and services for enterprises of all sizes to build new things in new ways.

Kearns, however, did not completely change a historical business model. For that, we can look at a much more strategic and game-changing example.

In 2001, Apple Computer introduced the iPod. Some considered the iPod a simple MP3 player that would need to compete with a multitude of existing products, ultimately appealing primarily to the Apple zealots. Its unique selling point was a new method to control the device called the scroll wheel. Less compelling to many at the time was the binding of the iPod to a simple media management tool called iTunes. However, Apple’s combination of hardware, software, and services created a new market model that monumentally changed the music industry.

Regardless of anyone’s specific proclivities or polarized position about Apple and its walled-garden approach to the business, it is clear that Apple has won a majority of the online music market for now.

Up until 1999, record companies worldwide largely owned their domains, managing the majority of music production and distribution from the artist through to the consumer. By 2005, the market had massively shifted, and those same dominant companies were beginning to reel from continuous hits to that dominant position. Customers could download music from the Internet. Furthermore, in another part of the industry, artists if they so choose could begin to create, promote, and distribute their own product on the Internet, organizing their own licensing for products such as T-shirts and tchotchkes. The heavy lifting of organizing tours and bookings was now possible through direct online access to venues, unless those venues were locked into contracts, of course.

The market changed and control was being eroded. Music sales were declining, and piracy was an easy target to blame. The reality was much more complex, however. The once-dominant companies had failed to observe and respond effectively to a multitude of societal, technological, economic, and business models.

Quite simply, Apple created an environment that people wanted to be part of…an experience. The choices remain for anyone to avoid or vacate the Apple environs, its unique approaches, and rights management mélange. Microsoft offers an arguably worthy competitive vertical solution in Zune, comprising hardware, software, and services that match Apple’s. There are many individual component solutions that when combined offer the same sorts of capabilities, yet the Apple solution is still compelling enough for most to remain loyal. Moreover, it is not just a technical or business model that makes it so. It is a mystique and market presence that allows Apple to maintain such a following, never mind the accessory and secondary markets that have been created in their wake.

Meanwhile, back in the broader music industry, the industry group, primarily in the United States, responded to the market threats with measures that have been decried as everything from draconian and misdirected (suing individuals, lobbying political support to create or update laws, and more). As a result of not responding to a shift in the market, they lost value and their position of power.

Hey, shift happens! Be ready for it.

The movie industry has faced a similar problem. Because of the move to digital distribution of their content that can be easily moved over the Internet, users can more easily access it through this new means. Unless a business model is found that embraces and extends this reality, the movie industry risks suffering a similar experience, arguably in a much shorter time frame. They are experiencing unprecedented shift.

Worldwide, many are excited by the prospect of owning Amazon’s Kindle. Although there is much to admire in the hardware in the Kindle device, Amazon is attempting to create a vertical market juggernaut like Apple’s. However, competitors are coming in thick and fast to try to own this new vertical market, using a similar model, and therein lies another key point to be made. The benefits of cloud services can be capitalized on often without requiring significantly new intellectual property. However, business models will be broken as a result.

For now, let’s be clear: This is not the story of patent litigation or legal issues. It would be a mistake to say that cloud will devastate the landscape of business. However, it is not a stretch to say that the landscape will shift radically in the next ten years because of how cloud services will be used to revolutionize markets. Here, we exhort you to critically consider how your business will be impacted by the cloud approach to using resources, and prepare for some of the most significant changes to business processes and opportunities for change in decades.

Cloud Services Benefits

Common attributes of cloud offerings include massive scalability, near-immediate availability and provisioning, increased cost management controls, and more. However, while we consider the benefits here, a number of dark linings lurk around our silver clouds, and throughout this book we examine them in relation to the usage models of cloud services. Each organization will determine different sets of benefits and risks however. So, your mileage will vary.

The definitions of cloud services and related cloud computing architectures—and there are many—span a huge range of opportunities and architectures. You may choose to source cloud services internally or externally to your organization, and it is our position throughout this book that most organizations will end up with a hybrid mix of options. Therefore, not all the benefits, or risks, will apply to your situation. Part of the goal in this book is to try to isolate those areas that vary and provide tools to determine your best path forward.

Therefore, as with all things, the benefits and risks attributed to cloud should be considered relative to your current circumstances and measured against your capabilities in relation to any strategic constraints and opportunities that exist. Let’s consider building cloud up before we break it down. So, before we detail how cloud solutions are defined, consider the potential benefits from the business and technology viewpoints.

Benefits of Cloud Services

The benefits ascribed to cloud span both business and technology spheres. For business leaders, your ability to maintain or gain agility and your management options are greatly enhanced. For an IT department trying to deliver services to support the business, cloud services offer a new way to architect and source solutions. By finding cloud services that match noncore delivery of IT services, the IT department can concentrate on finding and delivering the best services for the business more effectively.

At a high level the benefits of cloud services can be categorized as:

  • Agility
  • Business focus
  • Cost and budget control
  • Scalability and capacity management
  • Governance and compliance
  • Security
  • Optimized infrastructure
  • Isolation
  • Mobility
  • Refactorization
Agility
From a business perspective, there is much more to consider today beyond your ability to manage your core business and deliver great and timely products and services. Today, competitive pressures, marketing challenges, budget issues, and more are considerable requirements. Your ability to manage situations quickly and efficiently is the key.

The biggest benefit of cloud computing to business today can be framed in terms of agility. Cloud services can offer huge savings in terms of time (for example, when IT capabilities must be delivered quickly). Scaling up or down with cloud services does not usually require additional hardware or software. Cloud services offer minimal setup time, minimal time to scale, and less cash outlay. This is because as a business model, cloud service providers generally host massively scaled systems’ capacity that can be switched on upon request.

Suppose, for instance, that you need to scale rapidly for a new project or a seasonal rush. Companies can model these situations using internal resources, but likely at some point they will need to expand beyond that capacity. A decision is made whether to use an external provider to fill the gap; in the world of cloud services, this is called cloud bursting.

Cloud services, as a concept, are available over Internet technologies and enable us to interact or consume them from almost anywhere on any device. While issues of form factor and communication speed create some limitations today, the business benefit of being able to bring key resources to bear on a critical or time-sensitive problem is recognized as a huge benefit to the agility of any business. Having mobile and remote capabilities allows organizations to recruit employees/contractors who can deliver but who cannot or will not travel to their physical locations. Popularized in the 1990s, offshoring was a first example of this business transition: Business services could be offered from anywhere. However, the advent of cloud services means that more capabilities are available to you and to those providers (and from them, too).

Cultural issues aside, web conferencing services, such as the pioneering WebEx, show how product demonstrations no longer require someone to be physically in the room to represent the company. There are now a multitude of meeting options ranging from Citrix’s GoTo services for remote access and support, to HP’s Halo room for the “in the same room” meeting experience, and to Skype for making video and audio calls worldwide for much less than traditional telecommunication carrier costs. All of these examples illustrate the opportunity to use technology to deliver business results faster and at highly cost-effective price points.

Servicing your customers at scale is possible only through improvements to the scale and functionality of your service and support capabilities. Support over the Internet is one way to do this. In this scenario, you either expose your support model through a web application or you use a provider who will manage that support through a web application on your behalf (à la cloud). Outsourcers such as EDS/HP Enterprise Services, Centerbeam, and more have been offering these types of support services for more than a decade, but the ability to focus support into web-based solutions decreases the number of staff required to answer phones and deal with people directly.

Business Focus
By using the best service from a cloud service provider, a business can potentially focus more energy and talent on optimizing existing revenue streams and aggressively pursuing the development of new ones.

For example, cloud services can enable businesses to gather information, ideas, feedback and so forth from a much wider set of sources (such as customers, partners) than was ever possible by traditional means. This approach is known as crowdsourcing.

Popular crowdsourcing approaches have primarily evolved from the world of Web 2.0 solutions. One business that relies on crowdsourcing is Wikipedia, an online encyclopedia. Wikipedia employs a small organization of less than 50 employees, while utilizing several thousand key volunteers and tens of thousands of other contributors from around the world. While some entries are questionable in terms of veracity, substance or even legality, the overall effort resulted in a much more dynamic and comprehensive set of data than traditional printed encyclopedias could ever match.

Yelp offers the ability to source a set of opinions on a wide range of vendors, from restaurants, to retailers, and more. From this, others can view ratings and comments about those vendors and decide whether to use them. Yelp also shows that these types of solutions can be manipulated (for example, when they gain notoriety, or, when not enough people provide opinions).

Consider a company in crisis. On April 20, 2010 British Petroleum’s oil drilling platform, the Deepwater Horizon in the Gulf of Mexico suffered a series of catastrophic failures and collapsed into the water with devastating results to life and nature. The amount of oil escaping was immense. Estimates ranged wildly from 5 to 200 thousand barrels of oil a day, flowing non-stop for over three months. The point here is that BP used crowdsourcing as one approach to deal with the cleanup efforts by creating a “Deepwater Horizon suggestions” page.4 As of July over 20,000 suggestions had been submitted, and at least 10 had been tested for use. The US federal government also set up a site with information on volunteering to help with the clean-up effort. This is not to say that crowdsourcing is all perfect. Using services in the cloud like this opens up the potential for anyone in the world with Internet access to “join in” with the crowd. The majority of participants are likely to offer positive input, whereas other individuals or groups are less valuable; some are trolls seeking to make noise, and some are vandals seeking to abuse the system. Mitigation against these and similar issues is centered on access controls, the ability to curate the input, verification processes, and so forth.

Vendors such as Ning, Big Tent, SocialGo, and many others enable for communitybased social networking solutions, even crowdsourcing, in a more controlled environment with stricter access controls to the various parts of their services in the cloud. These additional controls can make crowd-based efforts more compelling to community- based or vertical-focused organizations.

Cost and Budget Control
Although the initial costs of using cloud services may appear less, a better expectation should be that cloud services offer more control over costs or better budget management capabilities. Most cloud services enable you to pay on a monthly, weekly, or per-use basis. Choosing a cost-effective cloud service provider can result in significant savings, but more important is finding a cloud service provider than can accurately report usage patterns to you so that you can confirm the accuracy of your billing based on use.

One noted advantage of using public cloud services is the use of operational expenditure (OpEx) over capital expenditure (CapEx). However, understanding the implications of CapEx and OpEx is critical to effectively managing budgets. The difference between buying a house and renting one is the amount of cash that (usually) goes out the door at one time, and the same concept applies here. IT data centers are generally CapExintensive, because they require initial outlays of cash upfront to build out. Cloud services are generally booked as OpEx because they are consumed through a services agreement over time. Although CapEx can be depreciated over time, essentially allowing costs to be defrayed against profits, the initial drain on cash at hand is often seen as detrimental and to be avoided in the business world. Having flexibility of where to spend OpEx versus CapEx enables an organization to better manage expenditure such that the costs occur over time rather than in one big lump sum, which enables for better cash-flow management.

The concept of Green IT illustrates the significant costs borne by many organizations. The operational costs associated with building and maintaining data centers and with scaling power, cooling, and even basic hardware requirements are significant. Over time business workloads fluctuate and data centers are often left fully powered on, o whether the infrastructure is used. For example, some organizations run financial systems all year, but they hit peak load only once a quarter or once a year during financial reporting periods. There are many ways that organizations can look to benefit from cloud deployments as they try to optimize and approach a Green IT model. For their own private clouds, the goal is to optimize their usage requirements and cycling systems when needed. Organizations use community or public cloud services when needed, essentially pushing their workloads to the cloud when their internal capacity is reached, or cloud-bursting. Although many cloud service providers do not provide utilization data, there is an assumption that cloud service providers have optimized their infrastructure and management tools to maximize usage.

In many cases, organizations no longer have to hire people to manage system updates and backups and therefore can save on staffing costs and on storage management.

Scalability and Capacity Management
The capability to scale quickly to extreme capacity is not a common attribute or goal of traditional data centers and IT departments. As a result, many businesses experience times when they are hampered by a process that takes weeks or months, sometimes even years, to get new compute resources and applications online. This is despite that many large enterprises have already spent millions on computer hardware and have thousands of servers under management (at least on the books). Cloud computing promises the capability to scale massively in terms of systems, connections, bandwidth, storage, and more on an almost immediate basis. The converse is also important, where the service will shrink back down just as quickly if the need is no longer there. These benefits support cost management goals and enable you to grow in line with your requirements in a linear rather than a reactive mode.

The appearance of unlimited capacity is quite appealing. Cloud services need to be tuned to carefully manage actual capacity against expected requirements, yet deal with unexpected demands when necessary, too. Predictive analysis is critical in this respect, and offering those delivery and management capabilities to customers is something that both IT and cloud service providers must do to deliver this benefit to businesses.

Governance and Compliance
Governance is the process used to ensure that regulations, rules, and mandates are followed within an organization. Compliance refers to the facility to monitor and validate that the organization is meeting the governance requirements. Although cloud services introduce potential challenges in matching these requirements, the opportunities to improve an organization’s governance and compliance stance can be greatly improved.

Taking a service-based approach to delivering both business and IT functionality that incorporates the governance processes allows for closer alignment to compliance reporting. Sourcing specific, metered services from cloud service providers that specifically match governance models allows for better reporting, more accurate alignment between service usage and fluctuations in business workflow, and ultimately, faster time to market. This also brings up the need for a service catalog and related management tools to ensure usage matches expectations. We will talk about this in Chapters 7 through 10 as this closely relates to overall operations management and security as well.

In some cases, organizations have found that by using a third party to manage their IT services they are better able to deliver services within their governance models and compliance mandates. For small businesses in particular, the cost of hiring to manage these requirements can be significant itself, much like security. Using pooled resources and services allows business to capitalize on the best of that common capability.

It is important to note that although cloud services provide potential improvements to your governance and compliance position, you cannot abdicate responsibility for compliance. While different models of cloud computing architecture actually vary the amount of “control” you and the service provider have over the service, none of them changes your responsibilities to protect data, privacy, or service levels.

This is a critical point made that is reiterated throughout the text: Although you can look to the cloud for specific capabilities and functions to support governance, compliance, and even security, you cannot abdicate these obligations. For example, if a breach of your customer or employee data occurs, the responsibility to report and rectify remains yours. The cloud service provider may help deal with the issue. The cloud service provider may suffer some of the same financial repercussions. However, the cloud service provider is not the owner of the problem. Therefore, any reliance on the cloud’s controls and safeguards, and on the governance and compliance practices of a cloud service provider, must be carefully evaluated in line with your governance, and compliance needs to ensure that the solution enhances your posture, instead of increasing either direct or ancillary risks.

Security
Whereas many potential users of cloud services have a visceral or gut reaction that suggest cloud services are not secure, that is certainly not always the case. We discuss security opportunities and challenges in much more detail later in the book, but for now consider many organizations find significant improvements in their security posture by using cloud services. Often, because of their size or financial limitations, small and even medium-sized businesses cannot hire security specialists or respond quickly to security incidents. Using specific best-of-breed capabilities in the cloud to prevent or identify fast-moving or specific threats is a benefit to all organizations, perhaps best illustrated by the vendors who provide antivirus and antispam solutions outside the traditional IT environment.

Optimal Infrastructure
The ability to host multiple capabilities in the same hardware, software, or service allows for the follow-on benefit of optimized use of the infrastructure. Multitenancy as a model for using compute resources has existed since the 1960s, when IBM challenged traditional time-sharing models by adding virtualization with its VM/370 series.

Multitenancy can occur at any or all levels of the architecture, as follows:

  • Virtual layer: Virtualization provides the ability to create specific environments for each process, application, or operating system. This model isolates everything above the virtual layer itself but allows for the use of pooled resources below that layer, most commonly hardware such as networking, processor, memory, input/ output, and storage resources.

  • Application layer: The user interfaces of most web applications allow for specific fixed graphical and behavioral elements alongside customized elements associated with a specific organization, individual, or function. If one component or functional element fails in the delivery of the interface, it is easier to replace because those elements derived from other parts of the application and can be easily reconstructed.

  • Database layer: Data for multiple applications, through to multiple customers, can be stored in the same database, and thus allow for the focus on optimal data structures rather than entire infrastructures to support each individual requirement.

To gain the best advantage of cloud requires that each of these architectural layers be considered carefully to determine the best layer or layers to optimize for multitenancy.

Isolation
Almost a corollary to multitenancy is both the ability and requirement for isolation at each of the layers. While an application vendor such as Salesforce.com may use a common database layer for managing customer data, it is essential that the security mechanisms around the application layer maintain isolation between the various customers. Fundamental for any type of cloud provider is the requirement to offer isolation at each level of service exposure to their cloud users. This may be the infrastructure, platform, or software applications. In addition, APIs and management tools must also ensure that isolation exists in terms of identity management and access models, key management and encryption, and user interfaces. This is a specific set of technical requirements that need to be carefully evaluated when using a third-party solution in a private cloud and in any public cloud.

Mobility
The idea of web-based services has been around for many years, as have application hosting and outsourcing. The ability to get to the services from anywhere from any device has been a goal that is finally being broadly realized, and it threatens business models and IT departments who must contend with the security issues associated with data being available on devices either temporarily or long term.

In August 2009, ABI Research6 released a report that said mobile cloud computing subscribers would total nearly one billion by 2014. The ABI report contained the following reasoning:

There are two primary reasons why ABI believes cloud computing will become a disruptive force in the mobile world. The first is simply the number of users the technology has the power to reach: far more than the number of smartphone users alone. The second reason has to do with how applications are distributed today. Currently, mobile applications are tied to a carrier. If you want an iPhone app, for example, you have to first have a relationship with the mobile operator who carries the iPhone. If you want a Blackberry app, the same rule applies. But with mobile clouding computing applications, as long as you have access to the web, you have access to the mobile application.

Although there are many arguments against this position, the general direction in cloud services is to support more open standards and therefore the dependence on specific carriers is certainly less than in years previous. This means that offering employees, customers, and partners better access and links to your organization via an exploding mobile world is absolutely possible.

Refactorization
Some like to think of cloud computing as an opportunity to do away with all their existing infrastructure challenges and costs—a “burn it to the ground” or rebuild scenario. This is truly not the real option, especially for any enterprise with more than a year under its belt with existing IT, and especially not for medium to large enterprises with many current or legacy systems in place. The reality is that cloud services allows an IT department to refactor some or all of their existing systems over time and usually take advantage of cost-effective new ways to deliver IT services to the business as a result.

The same concept can also be applied to data center design. Historically, IT has designed data centers using the model of high availability, focusing on repair as a core requirement instead of considering the best mode for recovery to availability. This includes using certified hardware with comprehensive support and maintenance contracts. This includes concepts such as fail-fast, highly integrated systems, and deploying on stable QA tested solutions on a prepared basis with massive change control to ensure the ability to roll back failures.

Large cloud service providers are approaching infrastructure design with a qualitatively different approach. They focus on low-cost commodity hardware where possible. Faults should be simply routed around until some standard recovery can be achieved on a scheduled or even ad hoc basis. This is much more cost efficient in many modes, yet requires a change in thinking that may benefit IT. Modeling can be important here, but if you are not prepared to consider alternative approaches, you will never get to model it. Also note that it is often difficult to model third-party cloud services well, given the potentially vast array of failures that can occur. Traditional IT approaches do not immediately match well to these new architectures and will require some refactoring. We all know that hardware will fail, networks will fail, and an entire data center may fail. Truly, any part of the stack, including the human components (from operators to users), may fail in some way. So what does that mean? We need to monitor different things. It is common to model small failures in a larger system and monitor for those failures (e.g., disk out of space, router offline). Cloud services are modeled as services, and therefore if you refactor how to manage them in this context, you begin to see dependencies across the whole system rather than in terms of just the data center itself, which in turn allows you to focus on core services rather than all services. This change can truly impact IT’s ability to deliver and maintain high-availability services.

Summary of Benefits
Using cloud services to supplement or replace IT functions should allow an IT department to deliver more innovative capabilities to the business by focusing more on the service delivery and less on the hardware and software updates. Most benefits derive from the pooled nature of cloud services being offered through multitenancy architectures (or more simply, economies of scale). Costs, risks, controls, and more are aggregated across thousands of customers rather than one individual organization’s data center.

Many definitions of cloud computing identify self-service or self-provisioning as a benefit. Although self-service can help make cloud services easier to use, the reality is that self-service requires a mode of operations that includes service catalogs, automated provisioning and de-provisioning, and more to be effective. Therefore, we consider selfservice as something that although beneficial in small environment is in reality a result of delivering good service-oriented architectures that may or may not be cloud based in nature.

In summary, cloud computing provides significant opportunities. Thinking these through in relation to your own business challenges is important. Perhaps even more critical, you want to remember that your competitors are also considering how to capitalize on these opportunities.

However, cloud computing has challenges. Your organization may already be ready to adopt and adapt to new technologies or ways of achieving your business goals, but finding success with cloud services may require a mindset that allows you to change how you manage risk and control. To achieve success with cloud, regardless of internal or external options, IT needs to be the service broker and aggregator for the business, providing guidance, cost management, and governance in this new model.

What Is Cloud?

This is the story of how cloud provides us all with the opportunity to truly rethink how we do things, by rearranging things in a new way. The reality of cloud is that it is a culmination of many parts: changing business models, changing Internet functionally (increased speed of transmission, increased reliability), baseline standards, significantly lower costs of hardware and networking.

We consider cloud at the highest level to provide a means by which adequately secured, global, highly scalable, and flexible services can be delivered and consumed using Internet standards through an as-needed, pay-per-use business model.

Cloud services exist as the current incarnation of our evolving technology and business models. Implicit in the term cloud services are a number of evolved capabilities in terms of cloud computing, cloud operations, and cloud standards:

  • Cloud computing is the infrastructure, including the data centers, networking, and communication standards.
  • Cloud operations are the management tools, the APIs, and the many disciplines associated with managing the cloud environments.
  • Cloud standards are rapidly evolving from the existing Internet and Web 2.0 standards that have led us to this stage. The goal of cloud standards efforts is to align cloud computing and cloud operations capabilities. In early incarnations, cloud standards have primarily been de facto in nature, but a significant number of organizations are working to evolve them (or to create de jure standards for the benefit of all).

The concepts of large-scale usage of compute resources such as utility and grid computing are derived from traditional utility providers such as power or water. The adoption of utility computing is seen as a good parallel for cloud services, because they have initially been used for noncritical processing.

Let’s start off with our chosen principal definition to cloud and then move to focus on what’s really core to cloud and how you can take advantage of it. While you will find many definitions available, we see the most useful, comprehensive, and popular definition as being from the National Institute of Standards (NIST). The NIST Definition of Cloud Computing Version 15 offers the following definition of cloud computing as defined by Peter Mell and Tim Grance:

Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.

The next three sections present the essential characteristics, service models, and deployment models of cloud computing as defined by NIST.

The NIST Essential Characteristics of Cloud Computing

The essential characteristics of cloud computing as defined by NIST are shown in Figure 1.2.

FIGURE 1.2
Cloud essential characteristics based on the NIST definition

Key to these characteristics introduced here is the concept of multitenancy—the idea that many different applications, users, and even businesses may take advantage of the resources being used, as follows:

  • On-demand self-service: A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service’s provider.
  • Broad network access: Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).
  • Resource pooling: The provider’s computing resources are pooled to serve multiple consumers using a multitenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or data center). Examples of resources include storage, processing, memory, network bandwidth, and virtual machines.
  • Rapid elasticity: Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.
  • Measured service: Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.

The NIST Service Models of Cloud Computing

The service models of cloud computing as defined by NIST are shown in Figure 1.3.

FIGURE 1.3
Cloud service models based on the NIST definition

Each of the service models offers different levels of capabilities and responsibilities to the provider and the consumer of the service. In addition, these service models may utilize a custom architecture, or the physical infrastructure, to exist. These services may rely on a service offering from a lower service model. In this way, cloud services in the higher levels, those being platform and software, may be entirely built atop other cloud services. The most compelling way to think about these models is that if everything has a set of APIs from the lowest to the highest levels, the service-orientated nature of cloud services becomes very clear, as follows:

  • Software as a service (SaaS): The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
  • Platform as a service (PaaS): The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.
  • Infrastructure as a service (IaaS): The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls).

To elaborate the potential use of lower services by higher level services, Figure 1.3 includes an example SaaS customer relationship management (CRM) application that resides entirely atop the various cloud services deployment options, using an application server and database in a PaaS scenario, which in turn rely on an IaaS option for compute, network, and storage capabilities.

Critically, in Figure 1.3, we also introduce the concept of XaaS. XaaS represents anything as a service. That said, we will try to avoid confusion or pollution of the “aaS” nomenclature by focusing on SaaS, PaaS, and IaaS as the core models for cloud services, often combined into its own acronym of SPI.

These models can also be deployed in isolation, utilizing their own compute, network, storage, and related infrastructure. In these cases, the infrastructure is architected to deliver the best performance for the service delivery requirements and not generic capabilities as defined by each service layer.

The NIST Deployment Models of Cloud Computing

The deployment models of cloud computing as defined by NIST are shown in Figure 1.4 and are described in the following list.

FIGURE 1.4
Cloud deployment models based on the NIST definition

  • Private cloud: The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premises or off premises.
  • Community cloud: The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premises or off premises.
  • Public cloud: The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
  • Hybrid cloud: The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).

What Can Cloud Do for Me?

Cloud computing is about moving services, computation, and data—for cost and business advantage—to an internal or external, location-transparent service or services. By making data, services, capacity, and more available in a service-based model, they can be much more easily incorporated into business and IT processes that can be ubiquitously accessed. This is often at much lower cost, increasing the value to the business by enabling opportunities for enhanced collaboration, integration, and analysis on a shared common platform.

From just these few definitions, we see both commonality and disparity, and those same issues exist across all the many and varied approaches out there. As a result, there is a multitude of overlapping definitions of cloud. The analysts have them, the marketers have them, users have them, and standards groups have them, and so on. We have one, too, but we won’t get wrapped up in debates about it. Instead, we focus on the capabilities that the cloud model provides.

Perhaps most aggravating when investigating cloud services options is the marketing approach to relabel or brand anything and everything “as a service.” This is called cloud washing. This just becomes confusing initially and an exercise in futility in the long run as terms become overloaded. We see “storage as a service” and “security as a service” competing acronym-wise with “software as a service.” So, one of the advances is to say that each of these options fits into one of the three delivery models, SPI, and be done with it.

To understand the cloud then, it is better to focus on the attributes possible rather than ascribe a specific definition to it. Not only do the definitions change depending on which part you focus on, but also so do the benefits and risks. A breakdown of these solutions with examples of popular solutions helps to understand the nuances of each layer in more detail (see Figure 1.5).

FIGURE 1.5
Cloud architecture sample capabilities and industry examples

Most of the examples are public cloud options, and the opportunity to fashion your own solution such as these as private cloud options does negate some of the opportunities we have discussed so far.

The addition of cloud-driven processes and web-based services to the SPI framework is intended to illustrate the higher-level business models and processes that can be considered. Furthermore, here we illustrate the term mashup, which comes from the Web 2.0 environments. A mashup is a composite web-based service created by mixing together other web-based services, or more appropriately, higher-level cloud services. This creates useful and varied solutions for users, but also introduces management challenges as delivery is affected via distributed capabilities. This essentially becomes a chained service model, and as with all integrations, or should we say “mashups,” things can go wrong across the service components.

For a business example more grounded (ahem) in supply chain management, consider the history of the Boeing 787 Dreamliner. Planned to be the most advanced technical and component-based airplane in large-scale commercial aviation, Boeing approached the effort by taking a nontraditional approach to collaborating, sourcing, and integrating myriad components from hundreds of suppliers and subcontractors. The project was beset by delays as a result of too many issues. As a result, the aircraft finally lifted off for its maiden test flight on December 15, 2009 (more than two years after its original schedule of August 2007, and well over budget and suffering from a decreased set of capabilities).

History shows that there were numerous problems for Boeing in terms of supply chain management: integration due to standardization issues, component shortages, qualitycontrol issues, and more. Similar issues come to the forefront when an organization chooses to use cloud services without clear strategic goals and management tools being in place.

To succeed with cloud services, business and IT leaders must recognize and deal with the fact that the role of IT is changing to include much more comprehensive supply chain management and vendor management. If cloud services are to be used, the traditional IT team makeup is incomplete and so must be enhanced with more legal, contractual, and business expertise. Those familiar with outsourcing are in a much better place to manage this new approach to delivering business value.

Cloud services can enable the business to gain much greater control over its ITdependent decisions, as long as it has the correct management processes and tools in place. This is discussed extensively in Part III, “Life in the Cloud—Planning and Managing the Cloud,” of this book, where we examine the approaches and requirements for managing cloud services solutions.

Summary

Ultimately, cloud services offer opportunities to source complete or partial services for all IT and business processes. This move to a multisourced, multicapability, or hybrid market model has risks just like those faced by Boeing (when different suppliers held different responsibilities and different roles, which resulted in several time and budget failures). That is not to say that using cloud services is bad, but rather, a reminder that adequate management of their use and integration is critical.

Key points to consider from this chapter are

  • The cloud services market is developing at a rate faster than most other technology and business models.
  • Cloud services are changing business models and industries and are creating new opportunities for all.
  • There are many definitions of cloud services, and the NIST definition is the most widely accepted definition used today.
  • The benefits of cloud services span both business and technology spheres.
  • Cloud is not a panacea.

The discussion so far has focused primarily on defining our topic and examining the benefits associated with cloud services. Chapter 2, “Evolution or Revolution?,” examines the risks that must be considered alongside those benefits.

Endnotes