Pages

Sunday, March 7, 2010

Help for Executives Analyzing Cloud Computing as a New Strategy

For many CIOs and other executives cloud computing has become an area of intense interest, but there is still a lot of misinformation over what it is.  In reality, Cloud Computing addresses the old “Make vs. Buy” idea prevalent in the manufacturing world.  For many cloud computing represents an externally hosted service to meet their information processing and storage needs (I say “many” since in some cases it could make sense to implement your own "private" cloud even if you are not planning to sell cloud service).  From an authoritative standpoint:
"Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction..." (from NIST Definition of Cloud Computing v15)
The National Institute of Standards and Technology (NIST) also defines three basic service modes for cloud computing, they are:
Cloud Software as a Service (SaaS). [i.e. Hosted Application] … [The consumer uses a provider’s application]. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
Cloud Platform as a Service (PaaS). [i.e. Hosted Development Environment] … [The consumer is able to build or purchase their own application] using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.
Cloud Infrastructure as a Service (IaaS). [i.e. Hosted Data Center] …  [The consumer is able] to provision processing, storage, networks, and other fundamental computing resources … The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls) ...”(from NIST Definition of Cloud Computing v15)
Each of the service modes are discussed in the proceeding sections.

How Cloud Computing is Analogous to the Old “Make vs. Buy” Outsourcing Decision

In most industries, a decision to outsource generally relates to cost and current organizational capability.  If a company can generate a part of their product(s) or service(s) elsewhere for cheaper, better, or for a higher return on investment the decision seems like a simple one.  Cloud computing allows a business to outsource their IT needs if they so choose.  One of the easiest ways to do this is to use “Infrastructure-as-a-Service” (IaaS).  Infrastructure-as-a-Service provides businesses with a virtual data center full of machines, whose count can adjust on the fly.  Using this approach, a business can move their current servers’ disk images into a datacenter they do not manage.  The “virtual” servers still act the same, but the business no longer needs to worry about all of the costs associated with physically maintaining a data center.  Using the Infrastructure-as-a-Service model, cloud providers will typically charge businesses based on the performance level of the virtual server they create on a weekly or monthly basis. As a result, the business no longer needs to worry about paying for underutilized hardware. For example, if a three-month project requiring a group of servers starts, the business can create the virtual machines (with specifications that are the most cost appropriate) at the start of the project and delete them at the end.

If a business wishes to save more in operational costs at the expense of up front development costs, they can make use of Software-as-a-Service (SaaS) or Platform-as-a-Service (PaaS) cloud computing methods.  Using Infrastructure-as-a-Service still requires a business to pay for software licenses, and staff to maintain the versions, patches, and health of the virtual server image – the business is only renting processing space thereby eliminating their costs associated with hardware.

Cloud Computing Doesn’t Seem New, Why is there Such a focus on it Now

If you remember in the early 90’s there was a push for a two-tier client server architecture using thin clients to view data and a powerful mainframe to handle most of the processing.   Some businesses embraced this model if they were large enough to run data centers, yet others large enough stayed away from the technology citing doubts about the overall return on investment from switching to the model.  There were clear issues with some implementations causing workflow disruptions when either the mainframe had issues or communications disruptions occurred to the thin client.  This model seems similar to how cloud computing works so why the renewed buzz and excitement now?

Most likely, the answer is a result of improvements in virtualization, high-speed network bandwidth/availability, and delivery method. In the last few years, high-speed network runs/fiber increased a lot, allowing higher redundancy and speeds at many geographic locations.  In addition, web-based services became a standard for delivering most data. Rather than proprietary distribution methods, IP via TCP is the most common way to send data now, allowing almost any machine with a web-browser to view data. Lastly, virtualization technology is a regular tool in the IT professional’s toolkit now. Virtual machines existed for some time, but several key events led to an improvement in understanding of the virtual machine - the release of the first x86 virtualization product by VMWare in 2001, the release of the first open-source x86 hypervisor (Xen) in 2003, and the release of the first free machine-level virtualization product for the server market by VMware in 2006 (information from Timeline of virtualization development).  Virtualization also unlocked hosting businesses real potential by providing the rapid flexibility and dynamic partitioning of their physical assets. The culmination of these three things addressed many of the problems seen in the original two-tier concept, thus the cloud-computing hosting paradigm took off as the right technologies were at the correct level of maturity.

How Cloud Computing Works Well for Medium Sized Organizations

For medium sized businesses and organizations Infrastructure-as-a-Service, generally makes the most sense to take advantage of from a cost perspective.  Most medium sized businesses have small data centers for managing their data.  These data centers are typically average to poor in terms of performance (not typically exceeding tier 1 or 2 in design).  For their size, it does not make sense for these businesses to make large investments in staff capability or high-end IT assets.  Medium sized businesses generally have customized applications or workflows setup by an external group (as medium sized organizations cannot retain appropriate development personnel internal to their organization from a cost perspective).  Think about the number of medium sized manufacturing companies that have spent large amounts of capital to develop Enterprise Resource Planning or Human Resource systems (i.e. SAP, PeopleSoft, etc).  The customization inherent in these applications generally precludes their usage in a strict Software-as-a-Service sense (at least not right away).   It makes more sense to wait for these customized assets/workflows to near the end of their planned lifecycle to maximize return on investment.

Using Infrastructure-as-a-Service allows medium sized businesses to eliminate the need for their physical data center by taking the disk images from these assets and moving them into the cloud as virtual machines.  Doing so ensures that funds expended on their applications and workflows gain a complete return on investment, but allows for potential cost savings associated with operating the data center.  Staff assigned to data center asset management can be reassigned to other areas, downtime and performance generally improve (since most cloud service providers run tier-4 data centers to meet their Service Level Agreements), and business can save on power and maintenance associated with data center operation.  As customized solutions age, it may make sense to invest future capability in cloud based Software-as-a-Service options or to rebuild these solutions using a Platform-as-a-Service setup.

How Cloud Computing Works Well for Start-Ups and Small Organizations

Startups have significantly lower barriers to entry to the market place using Platform-as-a-Service as an operational strategy.  Startups with a business plan focusing on creation of web-based services can eliminate most costs associated with development software and hosting using Google AppEngine.  AppEngine is free to use up to certain (generous) usage levels, significantly reducing the risk exposure of these startups.  The startup gains a high availability service that scales correctly with increased demand (without any planning), making user adoption less likely to waiver from reliability issues.

Startups focusing on traditional product development can also make use of Platform-as-a-Service to meet a variety of computing needs especially custom simulation.  Simulations are computationally very intensive and crucial to the development of most new products.  As a result, startups previously needed to buy many servers for timely completion or burden a few servers with laborious simulations while suffering long processing times subject to crashes.  Either of these solutions led to cost and/or risk, but the implementation of a simulation hosted on a Platform-as-a-Service (or on Infrastructure-as-Service if the user has software licenses available) provider’s cloud abates much of the risk and potentially reduces cost to run simulation.  Under such a scenario, the startup spends time to develop a simulation model, but only pays for processing fees (which could be near zero if the simulation works on AppEngine platform).  It is critical to reduce hardware and software costs for a startup at the inception of their R&D cycle, and Platform-as-a-Service can certainly help meet this objective.

Startups and small businesses can further reduce costs my making use of Software-as-a-Service where appropriate.  The most common costs are productivity suites (e.g. Microsoft Office), which can be reduced by using Google Apps and Mail, etc.  Other candidates for reducing cost using Software-as-a-Service include things like payroll, accounting, taxes, and compliance reporting.  Making use of these hosted application services eliminates licenses, hardware, and staff maintenance requirements.

Using hosted development platforms and applications has an effect when evaluating the risk of the business.  A venture capital or private equity firm will realize a reduced investment risk profile for startups effectively using cloud based services as part of their business plan.  Since the initial costs are lower (and in the AppEngine case the operational costs are near zero) a lower risk adjusted rate of return can be applied to future cash flows increasing the net present valuation of the business.  This helps increase the likelihood of venture capital funding of the plan.

How Cloud Computing Works Well for Large Organizations

Large companies (i.e. General Electric, Mitsubishi, Bank of America, etc) receive the most benefit from internally use cloud computing in the form of a private or hybrid cloud.  A private cloud is an internally constructed cloud, allowing better utilization of the company’s data centers for its own stakeholders. A hybrid cloud is similar to a private cloud, but has one or more interfaces to other cloud providers for offloading (also called “bursting”) work during peak times, which occurs when the internal data center cannot quickly manage processing demand.   The size of these organizations means they have sufficient computing needs to allow justification for building their own cloud (an acceptable return on investment of time and equipment exists over the status-quo or using an externally hosted cloud).

In addition to immense computing needs, large companies also have their own software and a professional development staff.  Large companies often operate multiple data centers across their SBUs/Divisions.  These data centers operate with strong procedures and experienced staff.  Having all of this capability internal, further supports cost analysis in favor of building a private or hybrid cloud.  Every form of cloud computing could potentially make sense internal to a large organization.

Cost savings will come in two forms for a large organization depending on its cost model.  If access to hosted processing and data is not as important to the organization, (i.e. interruptions in service are acceptable to internal stakeholders or customers) realization of costs savings occur by consolidation of assets and reductions in force where appropriate.  That model will be rare as the fast pace of business continues to require quicker responses to the market place.  After all, businesses have already invested in costly staff training and high performance assets; releasing experienced staff to the market place is equivalent to giving your competitors an edge.  As a result, it will make sense for large companies to retain their data centers for redundancy purposes.  Creating one ubiquitous cloud spanning multiple geographies creates disaster resiliency and high availability.  In addition, cost models capturing appropriate availability shortage costs, will show long term ROI for geographically diversified clouds.

Summary

Infrastructure-as-a-Service will be the predominant cloud based service in the immediate future coupled with Platform-as-a-Service.   Infrastructure-as-a-Service has the least risk to implement and should be the first stage in any cloud services based roadmap (get staff used to working with remote virtual assets).  Infrastructure-as-a-Service maintains a very low risk to revert to the status quo or change providers since a Virtual Machine image moves with ease.   Platform-as-a-Service can carry a vendor lock-in risk if the programming languages are proprietary.  Creating code on these platforms creates a switching cost to use a different vendor.  Software-as-a-Service will become popular in a few years as entrepreneurs become more familiar with how to develop great services in line with consumers’ expectations (using more interoperable and open-data portability standards).

Some risks exist that will force an organization (large or small) to build their own private cloud – the presence of very sensitive data (i.e. SSNs, bank accounts, health information, formal procurement data, etc.).  The cost of sensitive data exposure necessitates maintaining a high degree of control for businesses, yet maintaining an inefficient data and computing paradigm will inhibit growth and put the business at risk.  As a result, cloud computing can be leveraged for businesses processing sensitive data, however, cloud computing should leveraged via a private cloud.


Network-as-a-Service (hosted network) will become a mainstream term used in the near future.  Companies such as Meraki are already moving down this road. If a company purchases Meraki wireless access points, they can manage their entire network operations via Meraki’s hosted interface.  More companies will emphasize IT Service Management (e.g. ITIL) in the near future and this will generate greater demand for Configuration Management Databases (CMDBs) that maintain all of the IT configuration information for an organization; doing this as a hosted service will provide many advantages.  Network-as-a-Service providers will enter the market selling routing hardware interfacing with their own cloud service.  This will enable companies reduce the burden of managing such services as Active Directory, DNS, and other core network and authentication services.


Great Sources for More Details



Cloud Computing and SOA Convergence in Your Enterprise: A Step-by-Step Guide is one of the best if you need a good overview of cloud computing.  Chapter 3 explains all of the most common service modes that a cloud can perform.  Chapter 4 provides a great framework to help start a brainstorm for analyzing outsourcing decisions of using cloud computing in an organization.









Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance (Theory in Practice) is a good overview of security and associated principles.  This book is a must have for those building a cloud, or developing in a hosted Platform-as-a-Service environment.










Programming Amazon Web Services: S3, EC2, SQS, FPS, and SimpleDB is a good review of what Amazon's cloud services are and how to make use of them.












Programming Google App Engine: Build and Run Scalable Web Apps on Google's Infrastructure (Animal Guide) is a good overview of the Google AppEngine.  I prefer the Dan Sanderson book over the other O'Reilly publication Using Google App Engine by Charles Severance, but they are both good and the best one will depend on your personnel preferences








I haven't reviewed much on Azure yet, but Introducing Windows Azure (Expert's Voice in .Net) is on my list of items to check out.  At a glance it appears to be the best source currently available.