Tag Archives: amazon

In Defense of the Cloud

Leave a reply

I can’t help but take notice of the recent string of cloud failures we’ve been hearing about this year. Blogger went down for about 20 hours last month and Microsoft’s BPOS hosted bundle also reported a significant amount of downtime. Perhaps the most notable was when Amazon’s cloud was overloaded with Lady Gaga fans clamoring to get her album for 99 cents.

All of this talk of cloud failure has once again called into question the reliability of the cloud. Can we trust it? Is it safe to put all of your valuable and sensitive data in the cloud? I think it is important to note that part of the reason these incidents get media attention is because they happen in the public space and many companies are often affected. This stands in opposition to on-premise systems that, when down, go without public notice because the incidence occurs behind closed IT doors.

The truth is that cloud computing has a proven track record of success. One that much outweighs the incidences of failure. So, is all of this negative attention really warranted?

You can see my full post on my CRM site, but here are some interesting numbers gathered from a study done by the Radicati Group in 2008. It looked at uptime for on-premise email solutions.

In the chart, you will see three popular on-premise email service providers compared with Gmail, a cloud-based email service provider. The finding show that there was an average of 30-60 minutes of unscheduled downtime for the on-premise systems. Compare that to Gmail’s 10-15 minutes.

What this data tells us is simple: servers will fail. Technology is not perfect. However, cloud companies are not less reliable, and in fact, it appears they are better at getting back online compared to their on-premise counterparts.

Cloud computing is still a relatively nascent technology. It seems we have got a good grasp on it, but there is always room for improvement. The goal would of course be for the system to operate at 100 percent all the time. Denis Pombriant of Beagle Research Group gives his take on where the cloud needs to go:

“If you’re going to have a truly robust and reliable infrastructure, you’re going to have to build much greater reliability into your systems,” he says. “Take electric utilities these days. They all have more generating capacity than is online at any one time because they take plants down, and then they put them up. They eliminate all of the obvious possibilities for failure. That’s what cloud computing has to evolve towards.”

What are your thoughts on the cloud? See the original post here.

Cloud Computing Is Like An Airplane

1 Reply

A cloud computing service is like an airliner – even though it can experience devastating crashes that affect many people, like Amazon’s crash last month, it’s still safer than driving your own car … or IT infrastructure.

That’s the rationale provided by Simon Crosby, CTO of Citrix, during a panel discussion on cloud computing during a keynote address at Interop 2011. Also on the panel were Randy Rowland, senior vice-president of product development at Terremark; Andy Schroepfer, vice-president of enterprise strategy at Rackspace; and moderator David Berlind, chief content officer at UBM TechWeb.

Berlind began the discussion by reviewing the recent cloud outages and attacks at Amazon – up to three days for some users – and the Sony PlayStation Network, which lasted several days and affected 100 million customers. Berlind also quoted data that found that every one second of latency costs financial trading firms $100 million over a year.

“Is this mission critical?” Berlind asked of the cloud infrastructure in light of these outages. “This is a confidence issue.”

“It’s like an airline crash,” responded Citrix’s Crosby, “but it’s still safer in an airplane than driving to work.”

Crosby then wondered aloud what the cloud or IT equivalent is of the Federal Aviation Administration, the airline industry’s regulator and watchdog. Without waiting for an answer, he continued with his analogy. “Broadly, you’re far better off in the cloud than doing things your own way,” he said.

Outages should be expected in the cloud from time to time, said Rackspace’s Schroepfer. To minimise them, operators should invest in backup, redundancy and resiliency.

“We’ve got to be willing to spend money,” Schroepfer said. “IT does go down.”

Application writers need to fully understand the infrastructure they’re developing programs for, said Terremark’s Rowland. Amazon’s Elastic Compute Cloud (EC2) service allows multiple instances of customer applications to run in so-called Availability Zones within a region; but analysts say it doesn’t provide the necessary tools to load-balance applications between regions, so customers have to use additional software on top of their Amazon instances.

“I don’t feel sorry for the application writer that doesn’t understand the infrastructure they’re writing to,” Rowland said. “They need to understand how it’s built, do their due diligence.”

The panel then suggested customers may want to run applications redundantly in two clouds instead of one. This may increase costs but will still be less expensive than building, owning, operating and maintaining an exclusive infrastructure, they concluded.

“The cost is never equal to internal” IT infrastructures, Crosby said. “You may experience three days of outage but you wouldn’t have existed otherwise.”

Berlind then asked the panel if cloud providers needed to be more transparent in their infrastructure operations and service-level guarantees, and whether those SLAs needed to be more comprehensive and standards improved. The panel concluded that it’s up to the customer and provider to negotiate a contract beforehand that is detailed and airtight.

“They’ve got to develop that relationship, which includes transparency,” Schroepfer said. “Customers have to trust the provider; they’ve got to believe they are fixing (any glitch).”

“The contract defines that relationship,” Rowland concurred.

Crosby then compared the SLA discussion to Apple’s App Store for the iPhone, in which applications are stored and run in the cloud and consumer satisfaction seems to be high. But then he said that environment is very different from cloud-based IT for enterprises.

“Again, what’s the FAA” for enforcing cloud SLAs? Crosby asked.

Source

Amazon’s Cloud Service Is A) Legal B) Illegal? C) Probably Here To Stay

Leave a reply

Amazon doesn’t have paperwork from the music industry approving its new cloud music service. Does it need it?

“Not at all!” says the e-commerce giant.

“Maybe?” Says the music industry. Adding: “We sure we wish they would have asked.”

We’re probably going to dive deeper into the legal intricacies of music licensing and cloud storage in the next couple days. For now, we can say that:

* Lots of people think a version of cloud-based storage and playback is OK, without licenses, under certain circumstances.
* Some smart people (like former e-Music CEO David Pakman) say Amazon’s method in particular is just fine.
* Others aren’t sure. A digital music distributor who sells music through Amazon, for instance, tells me his company’s contract only allows Amazon to deliver buyers a “permanent download” — defined as a copy of an MP3 to a “local storage device.” Does that cover the new service, which moves a copy of a file to a Web-based server? He doesn’t know. But it’s “annoying that a company would put their own partners in legal peril knowing the contentiousness of the music space,” he tells me.

Note that none of the big labels has actually come out and said, on the record, that Amazon is breaking the law. The complaints, on and off the record, are that Amazon hasn’t asked for permission.

Instead, Amazon has told the labels that it wants to use today’s launch as a starting point for a more advanced service, which would require licenses — and, presumably, a new revenue stream for the labels.

Amazon appears to be betting that the big music companies will end up coming around instead of going to court. If I had to bet, I’d wager that Amazon is right.

But the fact that Google is intent on launching its own cloud service, and that Apple may be right behind it, makes Amazon’s wager even higher-risk: If the labels don’t squawk about Amazon, how can they negotiate with Apple and Google?

Some housekeeping. Early this morning Amazon sent out a press release announcing the new service, and asked if I had questions. I did, but didn’t hear back from the company until late today. For the record, here’s our mini Q&A:

Me: Does Amazon have any licensing agreements in place with any music labels or publishers? If so, which ones? If not, does Amazon intend to ask labels and publishers for licenses?

Amazon: We do not need a license to store music in Cloud Drive. The functionality of saving MP3s to Cloud Drive is the same as if a customer were to save their music to an external hard drive or even iTunes.

Me: Does Amazon intend to make music playback available via iOS devices, either via browser or app?

Amazon: We have nothing to announce today about being on iOS devices but we are always listening to customer feedback and will continue to evaluate expanding to other operating systems and devices as the opportunity allows.

Me: What are Amazon’s plans for video playback?

Amazon: We haven’t announced any plans for video playback. Currently, when you save a video to Cloud Drive, you can then view it using using the player associated with the file format — just as you would if you saved it to your computer’s hard drive.

———————————

It’s also worth noting that mobile startup mSpot launched its own unlicensed cloud service last year (and has yet to be sued by the labels). I asked CEO Daren Tsui for this reaction to Amazon’s launch, and he sent me this statement:

Firstly, Amazon is offering a music in the cloud storage locker and player – and this is just one component of mSpot. We’ve had this feature out for almost a year, and in this time, we’ve learned a lot about our customers and what they really want. They want an experience that givesthem lyrics with the song, info about the band, discography, etc. We’re gearing up to roll out our second phase very soon – including a new music discovery that will be unique to the market.

We’re in a multi-device world. While Amazon has done a decent job of their Web player – this is obviously the easiest half of the offering. We don’t think they can compete with us on mobile for the following reasons:
– We’re on both iPhone and Android; when people store their collections online, they don’t want to feel they’re locking down their choice of phone as well.
– Leading mobile carriers like Verizon, AT&T and Sprint havebeen offering our mobile entertainment services to millions of their subscribers for years, under our white label.
– Why? Our technology is truly optimized for the mobile, which has different requirements than the Web. We offer music playback over 2.5G and 3G that feels local to the handset, (which is very hard to do); faster syncing and streaming; continuous connectivity to your music, even when you don’t have a connection; choice in how much music to store on your phone – all are not just nice to have, they’re essential.
– We believe our proven industry experience on the mobile gives us a big edge over Amazon, or even Google or Apple.

On that note: We would welcome an opportunity to challenge Amazon’s service on mobile usability – any time.

We’ve been out for almost a year on Android, and since December for iPhone. We have a significant lead with over 1 million downloads on Android alone. People have already taken the time to upload their collections into our service, and they love it.

We think we have a better service and in order to remove any price barriers we’re going to offer 5 GB free storage. Going forward, we expect that the market for storage will be very commoditized and price-driven; but unique music services like mSpot will appeal more to music listeners looking for a complete experience on both Web and mobile.

Source

Amazon Cloud-Player Rival Apple iTunes: Music Streaming Made Easy

3 Replies

With Apple up until now, really taking the number one spot for content streaming with their iTunes service, it has been announced that Amazon are now too joining the competition. Bring on Amazon’s new Cloud Drive with their streaming service Cloud Player, for web and Android experience, with the peace of mind that your music collection will never be lost to the hard drive crashing. Amazon’s new Simple Storage Service (S3) has made this possible with the files being put under lock and key with each file being uploaded to the Cloud Drive hub in its original bit rate.

The news announced today comes as no surprise as we knew that Amazon were upping their game as it were, and users will now be pleased to learn that with the inclusion of Cloud Drive, music, documents, photo and video content can be uploaded to the site’s storage area using the 5GB of storage which is initially free with 20GB being available if you buy an album from Amazon MP3.

Cloud Player for the web, on the other hand, will allow you with the aid of a computer web browser to listen to your music. Currently as Slashgear reported via Amazon’s official press release, that current platforms that can be used include Firefox, Google’s Chrome, Safari for Mac and Internet Explorer. Streaming your MP3 and AAC straight through to your personal computer, tablet or handset devices couldn’t be easier.

If we move swiftly onto Cloud Player and Android, Amazon’s new MP3 app will allow you to listen to your stored music on the Cloud Drive, with easy accessibility to search and browse for a particular piece of music or artist to then download it.

In a short statement from VP of Movie and Music at Amazon Bill Carr he said, “We’re excited to take this leap forward in the digital experience. The launch of Cloud Drive, Cloud Player for Web and Cloud Player for Android eliminates the need for constant software updates as well as the use of thumb drives and cables to move and manage music. Our customers have told us they don’t want to download music to their work computers or phones because they find it hard to move music around to different devices. Now, whether at work, home, or on the go, customers can buy music from Amazon MP3, store it in the cloud and play it anywhere.”

What are your thoughts on Amazon’s new service? Will you be using it?

Source

5 Most Surprising Things about the Cloud in 2010

Leave a reply

2010 was the year “cloud computing” became colloquialized to just “cloud,” and everyone realized “cloud,” “SAAS” and all the other xAAS’s (PAAS, IAAS, DAAS) were all different implementations of the same idea — a set of computing services available online that can expand or contract according to need.

Not all the confusion has been cleared up, of course. But seeing specific services offered by Amazon, Microsoft, Oracle, Citrix, VMware and a host of other companies gave many people in IT a more concrete idea of what “the cloud” actually is.

What were the five things even experienced IT managers learned about cloud computing during 2010 that weren’t completely clear before? Here’s my list.

1. “External” and “Internal” Clouds Aren’t All That Different

At the beginning of 2010 the most common cloud question was whether clouds should be built inside the firewall or hired from outside.

Since the same corporate data and applications are involved — whether they live on servers inside the firewall, live in the cloud or burst out of the firewall into the cloud during periods of peak demand — the company owning the data faces the same risk.

So many more companies are building “hybrid” clouds than solely internal or external, according to Gartner virtualization guru Chris Wolf, that “hybrid” is becoming more the norm than either of the other two.

“With internal clouds you get a certain amount of benefit from resource sharing and efficiency, but you don’t get the elasticity that’s the real selling point for cloud,” Wolf told CIO.com earlier this year.

2. What Are Clouds Made of? Other Clouds.

During 2010, many cloud computing companies downplayed the role of virtualization in cloud computing as a way of minimizing the impact of VMware’s pitch for end-to-end cloud-computing vision — in which enterprises build virtual-server infrastructures to support cloud-based resource-sharing and management inside the firewall, then expand outside.

Pure-play cloud providers, by contrast, offer applications, storage, compute power or other at-will increases in capacity through an Internet connection without requiring a virtual-server infrastructure inside the enterprise.

Both, by definition, are virtualized, analysts agree, not only because they satisfy a computer-scientific definition, but because they are almost always built on data-centers, hosted infrastructures, virtual-server-farms or even complete cloud services provided by other companies.

3. “Clouds” Don’t Free IT from Nuts and Bolts

Cloud computing is supposed to abstract sophisticated IT services so far from the hardware and software running them that end users may not know who owns or maintains the servers on which their applications run.

That doesn’t mean the people running the servers don’t have to know their business, according to Bob Laliberte, analyst at the Enterprise Strategy Group. If anything, supporting clouds means making the servers, storage, networks and applications faster and more stable, with less jitter and lag than ever before, according to Vince DiMemmo, general manager of cloud and IT services at infrastructure and data-center services provider Equinix.

Without bulletproof infrastructure, cloud computing is slow, he says, and end users won’t accept slow.

4. Tiny Things Make Big Differences

Virtualization enables many applications and operating systems to run on the same piece of hardware while thinking they each own the server themselves. The problem with that, according to IDC analyst Gary Chen, is that they all think they have the network interface and input/output bus to the processor to themselves, too.

On a server with a lot of guest OSes, the bottleneck to performance is no longer the speed with which data can move back and forth between the server and external storage; it’s the number of bits that can go through the data bus at one time, he says.

That’s one reason Virtual I/O is becoming a hotter topic, leading to what Forrester analyst John Rymer calls “distributed virtualization” — in which I/O, memory and other components are abstracted from each other as well as the guest OSes, and the definition of “server” changes to mean whatever resources an application needs right now.

5. “Year of Virtual Desktop, Wasn’t”

2010 was supposed to be the Year of the Virtual Desktop, as Microsoft, Citrix and VMware all competed to capture what analysts expected to be a wave of adoption from end-user companies.

Virtual desktops were a hot topic in 2010, but growth wasn’t nearly as big as analysts or vendors expected.

Instead of standardizing on virtual desktops and moving all their users immediately to make migration to Windows 7 easier, most companies adopted one of an increasing number of flavors of the technology, but only in places where it made most sense.

“We’re seeing a lot of tactical projects, but not a lot of strategic ones,” according to IDC analyst Ian Song.

That’s not to say there wasn’t a lot of growth or adoption of even DAAS versions. But 2010 was no tidal wave, Song says.

The two biggest reasons, he says, were the complexity and comparatively low ROI of desktop virtualization compared to virtual servers.

Another was the increasing focus even inside the enterprise of tablets, smartphones and other non-PC devices that have to be virtualized to become secure, reliable clients for enterprise applications.

“We’re expecting to hear a lot about that from Citrix and VMware and a lot of the phone companies after the first of the year,” Song says. “It’s going to be big.”

Source

Let A Thousand ‘Clouds’ Bloom

Leave a reply

Cloud computing has been making headlines and generating buzz for the past several years. Companies such as Amazon, Google and Microsoft have all placed big bets on public clouds, while traditional enterprise companies such as IBM, HP and EMC are pushing private clouds.

The future may involve more than one cloud model, even for some of the largest and most staid corporations, but being able to juggle the advantages of each while minimizing risks such as security or the inability to freely move data will require some new ways of thinking about technology.

Forbes caught up with Howard Elias, president and COO of EMC’s Information Infrastructure and Cloud Services, to talk about what’s changing and why.

Forbes: We’ve been hearing about cloud computing for years. Have any of the drivers of this technology changed?
Howard Elias: No, the driver is a higher level of efficiency in utilizing compute, network and storage resources. There is more flexibility in the use of the infrastructure and much more business resiliency. The applications can be set up on an efficient infrastructure and moved around. We’re trying to take the next step to a hyper-cloud model.

What’s the difference?
The hyper-cloud approach allows companies to have their own private cloud, deploy their applications and be highly flexible and resilient, and then have a set of service providers that have their own clouds. Customers can move their data and workloads between them. They may decide a service provider has a better cost model or better expertise in a vertical industry. Or a customer may say that for 70% of the year they only need a certain amount of performance capacity in their infrastructure and they will just buy capacity as needed.

What you’re really selling there is flexibility, right?
It’s the efficiency and the flexibility. Ultimately our view of the cloud is moving IT from a discrete set of capabilities to becoming truly a service. The CIO is really providing IT as a service instead of a discrete set of applications and servers.

And they’re looking at the value of data rather than just warehousing it?
Absolutely. I refer to this as putting the ‘I’ back in ‘IT.’ For a long time CIOs have been spending way too much time and budget on the technology—making sure the technology is highly utilized, well integrated, operating at full capacity and full availability. That accounts for about 70% of the IT budget for most companies. Most of the budget should be spent on business and application innovation.

But to make that work you also need to understand what data is necessary to keep and where you need to keep it, right?
That’s correct. Companies have been dealing with a dramatic growth of information. On top of that we’ve seen an enormous increase from compliance. The big issues are how you manage it all and protect it properly, ensure compliance of that data, and how can you offload your primary production systems in terms of data that is not used very often. The industry provides a host of technology and services manage that information, move it to appropriate tiers of storage, back it up and archive it. It’s probably best to get your information architecture in order before you start down the road to the private cloud. You really need a solid game plan for information management first.

The second challenge is around security. How do you deal with that?
Companies today do a combination of managing applications, data and infrastructure inside of their data center. They work with partners that outsource it. This is really no different in the cloud world. You still need very solid processes and business practices. We have an umbrella in this industry we call GRC—governance, risk and compliance—whether it’s inside your firewall or outside.

Where does virtualization technology fit in?
It’s a movable layer that abstracts the application and data flows from the underlying infrastructure. That allows you to abstract to a logical view rather than being tied to a physical infrastructure. It’s the most flexible way to implement a cloud. In a virtual machine environment we can make it even more secure.

Why?
Because with physical infrastructure the only strategy is to build a wider and deeper moat around your corporation’s four walls. Information has to move and it has to move outside your company. But just as important, information risk occurs even inside your company. Just having a bigger and deeper moat doesn’t protect your data any better. There are still people with access to information. It’s a matter of what they can do with that information.

But there are also different layers of cloud technology, right? Google Chrome is a lot different than an EMC, IBM or HP enterprise cloud architecture.
Yes, and there are some applications for which Chrome may be suitable. For many enterprise applications it will not be appropriate.

Are companies confused about cloud technology?
I think the trend is now heading away from confusion. There has been a lot of information put out there over the past couple years. Google, Amazon and Microsoft are packaging up a set of services and offering that as a public cloud. For limited uses that makes sense. But there also are private clouds with resource pools and the ability to have IT providers as a service, and with today’s technology you can implement that inside your data center. You can deliver that same efficiency with control of your own environment—where you put it, when you put it there and how it gets operated—along with choice of vendors and what you want to do inside and outside.

The Internet turned enterprise security on its head with multiple ways in and out of the enterprise. Is that changing with cloud models?
If the world was completely open and there was no way to lock down your physical infrastructure the only way you could deal with that would be to encapsulate the information, authenticate the identity, and then limit what people can do to that information. Can they open it, read it, delete it, download it? At that point the information can flow anywhere, whether it’s into a cloud or out of cloud.

How far along are companies?
The business of running IT is already virtualized. Phase two is where you virtualize your business and mission-critical applications. This is where you get the more flexible management of those applications. Most companies are well into phase two of that journey. Phase three is IT as a service. You have a virtualized infrastructure, you’ve virtualized your business applications, and now you add a management and security model and automation and orchestration where you truly have automated, policy-based, flexible management of your IT infrastructure. That’s where you really get cloud-like operations in a private cloud and even in a public cloud.

Is there resistance to this? It makes a lot of IT jobs obsolete?
That has been a concern inside some organizations. But this is no different than any other technology shift. On one hand it can be seen as a challenge to IT careers. On the other hand, it’s an opportunity. Inside our own IT department we’ve created new positions like data center architect or cloud architect. It’s no longer just managing a silo of storage. It’s thinking about it at higher levels.

Source

2010 Saw the Dawn of Nation-State Cyber Wars: Citrix CTO

Leave a reply

Citrix CTO Simon Crosby looks back at 2010 in the cloud computing sector–and ahead at what 2011 may bring–and isn’t very comfortable with a number of things emerging on the security side of that very hot business.

Crosby has become a go-to resource for knowledge in virtualization, cloud computing and data security. He was founder and CTO of XenSource prior to its acquisition by Citrix for $500 million in 2007. Previously, Simon was a principal engineer at Intel, where he led strategic research in distributed autonomic computing, platform security and trust.

It’s Crosby’s job as the CTO of an international enterprise IT provider to maintain a big-picture view of what the trends are, where they’re going and how they will affect companies making strategic IT plans.

It’s not necessarily cloud infrastructure issues that worry Crosby. It’s protection of stored data and access to servers that keeps him up at night.

“This was the year when nation-state attacks started to happen,” Crosby said. “You’ve got Stuxnet, you’ve got the Chinese government attack on Google, and you’ve got WikiLeaks. My take is that every CIO should be shivering in a state of panic.”

Everybody’s long been aware of denial of service attacks and their potential, but Crosby thinks many people have become indifferent to these events, believing such an attack won’t happen to them.

“All of these have profound lessons for us,” Crosby told eWEEK. “We’re in a space of hyper-innovation, and that’s fueled by Moore’s Law on the client and the server, and Moore’s Law helping the network, so we get the network effect of that. And the network effect of that innovation is unbelievable.

World’s largest cloud: Conficker

“If you look at the world’s largest cloud, it’s probably something called Conficker. It has probably 30 million CPUs. It requires something like 20 terabits of bandwidth, and it’s for hire. You can hire it today, and point it at anything you want,” Crosby said.

“Think cloud now. Every single one of those hosts up there that are infected with Conficker–and there are still millions and millions of them–are all out there, and they can be remotely controlled and instructed to do something. It’s similar to the way the anonymous guys at WikiLeaks have been getting people to download and attack payload, and then they can remotely point that attack payload at any site they want to attack.”

For example, anonymous hackers have been able to put together an attack of 10GB per second and point it at Visa, PayPal, Amazon and a couple of other places to shut them down for various times, Crosby said.

“Conficker is still out there, and that’s 28 terabits/second. If that thing was pointed at any U.S. national interest or any national interest, it would go down in a heartbeat,” Crosby said.

So why hasn’t this happened yet, if there are people in the world devious and knowledgeable enough to activate this dangerous weapon?

“Well, it hasn’t yet for the same reason that nobody has launched an atomic bomb–it’s that big, right?” Crosby said. “It turns out that most of the Conficker stuff is relatively straightforward–denial of service and blackmail stuff in the hands of organized crime.

“But the scary thing is that this was the year [2010] that nation-states started to engage in cyber war actively–and everybody saw it for the first time.”

The Stuxnet worm, which appeared in July 2010, was a prime example, “wreaking havoc on the Iranian nuclear facilities,” Crosby said.

Stuxnet exploited four zero-day vulnerabilities in Windows and a vulnerability in Windows’ Print Spooler service to do its dirty work. Early versions of the virus abused Windows’ AutoRun feature in an effort to infect industrial control systems, Symantec revealed in September.

“The interesting departure [this year] is that we have started to see nation-states play an active role in these attacks,” Crosby said. “That is more threatening than the traditional bad guys who spam you with email or blackmail the gambling sites to say, ‘Your site’s going to be down until you pay me some money.’ ”

Crosby said that all these concerns point to the cloud as the best place to maintain a “survivable” application.

“Here’s a good example: Visa was nailed by the anonymous crew on WikiLeaks. But Amazon didn’t even blink when Anonymous pointed 10 gigabits of traffic at it. Amazon has this massive cloud that’s redundant, has multiple availability zones spread around geographical regions, and so on. So if you want to make your application survive a big attack, the place to run it is called the cloud.”

This is probably counter to what most people think in response to these attacks, Crosby said.

“Most people are going to want to close all the boundaries, run a private cloud, and get my head down in my bunker and hope that I’m secure,” he said. “But in that situation, you are more vulnerable than if you are automated. People are running around your infrastructure with USB sticks and everything else. That’s how WikiLeaks happened.”

When nation-states start pouring defense budget-sized amounts of money into cyber war, then we will see “very interesting attacks,” Crosby said. It has been estimated that it cost somebody “on the order of $10 million” to build Stuxnet, for example, Crosby said.

“We don’t know where it [Stuxnet] came from, but it’s pretty clear that it was organized by a nation-state because of the sophistication of the attack,” Crosby said. “Most attacks use a single vulnerability; Stuxnet used four–four that were previously unknown to anyone, including Microsoft. So that basically suggests that somebody had the Windows source code and used it [for that attack].”

Access to source code a major problem

Many governments have access to this source code, he said. Stuxnet also targeted very specific enterprise devices, Crosby said, and was not aimed at the average consumer.

“It was clearly targeted for political reasons, it cost a lot of money to do, and it was very robust,” Crosby said. “It still has not been cleared; it’s out there causing havoc.”

This trend is going to make IT managers sit up and take notice, he said.

“You may say, well, I have good people and procedures in place, but the more people you have involved, the more vulnerable you are–either through mistakes or deliberate sabotage,” Crosby said.

“That basically says you need to get on the cloud.”

Bradley Manning, the U.S. military IT assistant implicated in the WikiLeaks controversy, used a USB stick on a PC to access most of the information that ended up being published on the site.

“Now, if that organization had been using desktop virtualization, that would never have been allowed to happen. Every single device on every client is policy controlled for access, and you can shut these off. Any properly automated cloud would have prevented WikiLeaks from happening,” Crosby said.

Prior to founding XenSource, Crosby was the founder of CPlane Inc., a network-optimization software vendor, where he held a variety of executive roles. Before CPlane, Simon was a tenured faculty member at the University of Cambridge, UK, where he led research on network performance and control, and multimedia operating systems.

He is author of more than 35 research papers and has patents on a number of data center and networking topics, including security, network and server virtualization, resource optimization and performance. In 2007, Simon was named one of InfoWorld’s Top 25 CTOs.

Source

Cloud Computing Sets Stage for Corporate Legal Battles

1 Reply

If data is sitting in three jurisdictions, what laws apply to it?

Dubai: Tighter budgets, less capital investment and fewer IT staff in the corporate world are expected to boost cloud computing storage demands past $1 billion (Dh3.67 billion) per year in the Middle East in a third-party global storage market worth $68 billion annually.

As the global number grows to $150 billion a year by 2014, some observers warn the amount of money saved through offsite data storage solutions may not be worth the cost-cutting measures if costly legal disputes arise between corporate customers and the cloud storage providers.

Especially when storage facilities containing sensitive corporate data are located in one or more data centres in countries other than that from which the complainant company exports in-house data to external servers.

Paul Allen, Senior Legal Consultant with the Intellectual Property and Technical Group at law firm of DLA Piper, said companies need to weigh possible downsides of contracting out to a cloud storage providers.

In instances where a large corporation commissions a third-party firm to construct a cloud data centre on its behalf, Allen said there is more latitude for the company to protect itself with a relatively iron-clad business contract outlining the conditions of the build-to-operate relationship.

As part of the contract negotiations, the “parties can agree where disputes can be resolved,” Allen told Gulf News.

Protection

However, other flexible cloud computing services offered and hosted by cloud storage firms with servers in multiple countries may not have the same protection.

Allen said that “in a cloud computing context it is likely that [resolution conditions] will be decided by the provider and not the customer.”

He didn’t rule out that there will come a time when a large-scale dispute will draw attention to the issue of storing sensitive information on remote cloud storage servers.

“It’s likely we will have some high-profile cases that consider issues arising from cloud computing,” Allen said. “It will take one high-profile problem to precipitate a legal battle.”

Retrieving data or seeking compensation in cross-border data storage disputes may be extremely difficult given that data protection laws may only apply in the jurisdiction in which the data is stored.

A UAE company, for example, that hires a cloud storage firm to store its information on external servers could soon find itself subject to laws of other countries where computer servers containing the data are housed.

“As a customer, you don’t know exactly where that service is being provided from,” Allen said, adding that services are “probably being provided from a variety of different locations around the globe.”

Portions of the same data bundle from one company could be sitting on cloud services servers simultaneously in the UK, India and the United States and subject to three varying degrees of data protection laws.

Jurisdictions and laws

“You won’t know, because the servers won’t give you that level of detail. If your data is sitting in three different jurisdictions, what laws apply to that data?” Allen said.

In March of this year, technology research firm Gartner Inc, warned companies to be careful when moving to cloud computing services.

The company said in a statement: “Through 2012, 60 per cent of virtualised servers will be less secure than the physical servers they replace. Although Gartner expects this figure to fall to 30 per cent by the end of 2015…many virtualisation deployment projects are being undertaken without involving the information security team in the initial architecture and planning stages.”

Neil MacDonald, Vice-President and Gartner fellow said that, “Virtualisation is not inherently insecure. However, most virtualised workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants.”

Dr Joseph Reger, Chief Technology Officer at Fujitsu Technology Solutions, said cloud computing has suffered a hit following the latest WikiLeaks controversy surrounding the release of 500,000 confidential government cables around the home.

Bad news

“Amazon’s reaction in particular presents a big risk for the development of the IT market. The provider simply cut off cloud services for WikiLeaks — that is, its server capacity, which made WikiLeaks available on the internet. Amazon’s reason: WikiLeaks violated its terms and conditions. This is bad news for the new IT paradigm of cloud computing.

“If a provider can terminate its service that easily, based only on allegations of a contractual breach, then it is doing exactly what sceptics expect: putting the security and availability of cloud services into question,” Reger said in a statement.

Source

Tech Hopes to Get Companies on ‘Cloud Computing’

1 Reply

Even a business operating in the clouds needs someone on the ground.

In Alaska, Nate Gates is aiming to be what he called that “local throat to choke.”

Gates founded Cloud 49 in July after four years as chief information officer for Chenga Corp., an Alaska Native village corporation, and his preliminary expectations have been exceeded as state companies explore and embrace cloud computing technology.

“We thought it would be a slow road the first 12 to 18 months,” Gates said. “The Lower 48 is running full bore toward the cloud right now. We’ve been very surprised from the response we’re getting (in Alaska). Everyone is feeling budget crunches, nobody has capital right now, but their IT infrastructure still aging.”

Cloud computing — the remote hosting of both software and physical infrastructure such as servers and data storage — has three major components: infrastructure as a service, software as a service and software development platforms that use the cloud infrastructure to deliver programs such as web-based applications.

Cloud computing changes the paradigm of information technology from one that is heavy on up-front capital expenses and ongoing maintenance to one that is a pay-as-you go model like an electric utility.

“It’s going to change everything,” Gates said. “In the industry, no one disputes it will change everything. The only debate is about how long it will take.”

Cloud 49 offers what Gates called “tailored cloud solutions” that can include matching a client up with the right cloud hosting provider, suggesting the best existing applications for a particular business or designing an application specific to that business.

With a background in Native corporations — he was also an IT manager for Arctic Slope Regional Corp. and its subsidiary PetroStar — Gates knows about the unique needs of Alaska businesses.

“They (ANCs) have a disproportionate benefit because their employee base is so distributed because of the federal contracting they do,” Gates said. “They have employees spread all over the world. Hosting those services in Alaska doesn’t make sense. The Native corporations’ business model lends itself to cloud computing.”

Gates is working on software development specific to Native corporations, such as shareholder management programs and scholarship tracking.

Major players in the tech world are already heavily involved in cloud computing, including Google, Yahoo, Amazon, IBM and Microsoft. What Cloud 49 can offer is the knowledge that Rackspace might be a better cloud provider to a small business while a larger company may be more suited for OpSource.

“We keep our thumb on the heartbeat of the cloud,” said Gates, whose business partner is Kevin Dobson, formerly Dell’s major account manager in Alaska. “We are dedicated to being cloud experts for corporations.”

Defining the advantages of cloud computing over traditional IT is can be as simple as comparing the performance of Google mail (or Gmail) to a normal corporate, in-house email running off Microsoft Outlook and a server tucked in a closet.

Not only is Gmail more reliable than typical internal corporate email, it doesn’t come with licensing or maintenance or replacement costs. Gates compares it to the turn of the 20th century before a national electric grid when large factories had independent power supplies.

“At the beginning, that was a competitive differential,” Gates said of the stand-alone power he compared to a company’s independent server platform. “Then it became a cost inhibitor.”

Gates said his partner Dobson saw the “writing on the wall” while at Dell serving accounts worth $10 million or more in Alaska.

“Why would I continue to spend thousands on servers when I can rent as much server space as I need from the Internet?” Gates said.

Security of data storage is a frequent question about cloud computing, which Gates answers with another simple analogy — your safety deposit box at the bank.

“Take a step back and there’s a wall of stuff with everyone else’s most valuable things around yours,” he said. “The reason you do that is you count on the consolidated risk that the bank undertakes forces them to spend disproportionately on risk mitigation.

“They have to make a vault, alarm systems and secure that because the risk is consolidated. You feel more confident putting it there rather than under your mattress or in a gun safe in your garage. Multi-tenancy is not a lack of security. It is more security.”

In terms of reliability, Gates said service level agreements guarantee performance or the customer doesn’t pay.

“Ask your company IT guy if he can guarantee you the reliability 99.9 percent of the time,” Gates said. “You can’t.”

Gates is also trying to piggyback on the national marketing programs now on the air from Microsoft. Cloud 49 timed its market push to coincide with Microsoft’s and now has an opportunity to educate potential customers who may be hearing about cloud computing for the first time.

“You’re not going to see any less about the cloud than you are right now,” Gates said. “Microsoft and IBM have mobilized a little faster. It is all about the cloud going forward. It is dominating every technical expo right now. It is changing the technical ecosphere.

“It gives us a push as far as the buzz goes; it also gives us a chance to define it — you’ve heard about the cloud, here’s how it can help your business and how it can help you in Alaska.”

The possibilities are virtually endless, and the savings to a start-up business can be tremendous, he said.

“We’re selling something that has an immediate effect on business,” Gates said. “It’s not some gray area like, ‘You’ll be more efficient.’ I’m talking about reducing your (total cost of ownership) by 50 percent in the first year. For start-ups in general, if you can start a business and don’t have to hire an IT guy, buy servers, pay for licensing, but start virtually in the cloud — how much better off are you than your competitor who has $100,000 in overhead on Day One?”

Source

The Bumpy Road to Private Clouds

Leave a reply

When we first heard about cloud computing, public clouds got most of the attention. But as IT managers looked at the security risks of having data outside the corporate firewall, they turned their attention to private clouds, which analysts and various surveys suggest will get more enterprise investment in the next few years.

But private clouds have their share of challenges too. There are management issues and operational processes to figure out. And, of course, an on-premises private cloud needs to be built internally by IT, which takes time, money and a climb up the learning curve. Indeed, the transition from a traditional data center — even one with some servers virtualized — to a private cloud architecture is no easy task, especially given that the entire data center won’t be cloud-enabled, at least not right away.

(While we generally think of a private cloud as being inside a company’s firewall, a private cloud can also be off-premises — hosted by a third party — and still remain under the control of the company’s IT organization. But this article is only about on-premises private clouds.)

Also, despite the hype you might hear, no single vendor today provides all of the software required to build and manage a real private cloud — that is, one with server virtualization, storage virtualization, network virtualization, and resource automation and orchestration. Look for vendors to increasingly create their own definitions of private cloud to fit their product sets.

Moreover, you’ll have to determine whether your staff has the experience and skills required to support a private-cloud environment, or whether you need to hire someone who has been involved in building private clouds.

Not a Traditional Data Center

Many IT managers equate a private cloud with virtualization. What they describe is usually virtual infrastructure, meaning that “you can treat your servers, storage and networks as a single pool of resources that workloads can request on demand,” explains Tony Iams, an analyst at Ideas International Ltd., an IT research firm.

But virtualization and the cloud aren’t the same thing; to be considered a cloud, the architecture must be set up to provide resource orchestration and automation on top of the virtualization layer.

Orchestration is the coordinated delivery of many types of resources, such as processors, storage and networks, to provide an integrated provisioning process. It means that resources can be delivered in minutes rather than days or weeks. A single command or request causes a number of actions to occur, possibly in a specific sequence, to coordinate the provisioning request.

The whole point of a private cloud is to allow IT managers to reduce costs and provide so-called agile provisioning rather than just making management of the infrastructure more convenient. A private cloud with virtualization underpinnings turns the technology infrastructure into a pool of resources that can be provisioned on demand with minimal manual labor.

Are You Ready? Probably Not

Forrester Research estimates that only 5% of corporate IT shops are really ready to offer private cloud service. A recent Forrester report by analyst James Staten says that your IT operation is “cloud-ready” if:

* You have standardized procedures for the deployment, configuration and management of virtual machines.

* You have turned over the deployment and management of virtual machines to automated tools.

* You provide self-service access for end users.

* Your business units are ready to share the same infrastructure.

Before moving toward private clouds, IT shops must become even more efficient at server virtualization. Most IT departments lack consistent procedures for tracking the deployment, usage and ownership of virtual machines; that leads to “virtual machine sprawl,” which will cancel out the economic savings of a private cloud, Forrester says.

IT shops also need to learn to manage the entire pool of virtualized servers rather than single virtual machines or workloads, the report adds.

Once your virtualization house is in order, Forrester suggests the following steps to get started with a private cloud:

* Begin with noncritical workloads to show that it works.

* If a business unit is willing to invest in cloud computing, set up a brand-new cloud environment just for them.

* Get executive support — actually, a mandate — so that business units will share the pool of virtual resources.

* Show the benefits, such as dramatically faster deployment and lower costs.

* Embrace public clouds that can supplement your internal cloud.

In a traditional data center setup, “every time you add a server, somebody has to walk to a firewall console, set up firewall rules, attach the server to a VLAN, set up load balancing” and do many other tasks, explains Jeff Deacon, cloud computing principal at Verizon Business, a unit of Verizon Communications Inc. that provides managed services. But a private cloud needs little human intervention other than bringing in new computers or storage to keep up with demand. In a cloud environment, there is one console that lets operators set parameters to automate the entire process, rather than requiring IT personnel to log into different consoles for security, networking and server operating system functions.

Another big difference between private clouds and traditional data centers involves IT processes, which probably need to be revamped for a private cloud. Today, for example, to provide computing resources, IT organizations typically have to get budget approvals, discuss the implications with storage, network and server groups, and fill out tons of paperwork. This type of process is in stark contrast to the streamlined, short-duration provisioning done in clouds. The time-to-provision may go from weeks in the traditional data center to minutes in a cloud.

The systems running older applications may need an overhaul too, if they’re based on mainframes and proprietary Unix platforms. Most virtualized environments, including private clouds, are geared to run on x86-based systems. Also, in a virtualized environment, you generally don’t know exactly where an application is running at any given time. Because most legacy applications are tied to a specific platform, running them in a private cloud will often require re-architecting them.

Divorcing applications from the hardware is a hallmark of clouds, including private clouds. In a traditional data center, you might have 10 servers running billing applications, and five other servers running customer data apps. But with a private cloud, it’s not known ahead of time which servers will run which specific applications. The applications run on whichever servers have free cycles at the time the apps need to run.

Private clouds involve two groups of people: the IT operations staff and the business users who want to run applications. A private cloud gives business users the opportunity to quickly provision a server and run an application when they want to, without human intervention.

The IT operations staffers have to make sure that sufficient resources are available for the type of on-demand computing that business users have heard is available with public clouds, and that usually means that the wait for user-requested resources is minutes, not days. Anything short of this, and end users won’t be happy.

By the Numbers

Private Clouds: Pros and Cons

What kind of cloud computing are you planning or implementing?

* No clouds under consideration at this time: 53%

* Private cloud only: 18%

* A combination of public and private clouds: 17%

* Public cloud only: 12%

Base: 155 IT managers

What do you see as the advantages of private clouds over public clouds?

* 1. Better security/control

* 2. Self-service provisioning

* 3. Little or no learning curve for end users

* 4. Better or more-efficient scaling

Base: 54 respondents planning or implementing private clouds; multiple responses allowed.

What do you see as the drawbacks of private clouds compared to public clouds?

* 1. Having to build it all internally: time, cost, learning curve for IT

* 2. Scalability

* 3. Having to handle virtualization, automation and orchestration

Base: 54 respondents planning or implementing private clouds; multiple responses allowed.

What’s the most challenging part of implementing a private cloud?

* 1. Software licensing/pricing issues

(tie) Finding tools to help us build our cloud

(tie) Ensuring economies of scale

* 4. Finding tools to help us manage our cloud

* 5. Making it all work together (interoperability)

(tie) Technology obsolescence

* 7. Lack of cloud standards

Base: 54 respondents planning or implementing private clouds; multiple responses allowed.

Source: Computerworld online survey, November 2010; Research assistance provided by Mari Keefe, editorial project manager.

This is what private clouds are all about: providing the on-demand elasticity of public clouds, but doing it within the company’s firewall.

By the way, business users may expect private clouds to act like public clouds. In a public cloud, the public cloud provider’s IT operations group is responsible for the computer infrastructure, and the customer’s business application groups manage and monitor their own applications on the public cloud. If the private cloud is expected to operate in a similar manner, then the IT group may need to give up its traditional application-management role.

Getting Started

The first step down the path to a private cloud is to go beyond server virtualization. Iams outlines these subsequent steps:

• Virtualize your storage and try to achieve the same flexibility with storage that you already have with virtualized servers.

• Coordinate server virtualization and storage virtualization using management tools such as Microsoft Corp.’s Windows Azure Storage or VMware’s vStorage.

• Virtualize your network infrastructure and, again, coordinate that with your management tools.

You know that your infrastructure has been fully virtualized when you have server virtualization, storage virtualization and network virtualization. The crossover point from a virtual infrastructure to private cloud comes when you have the management tools that treat all three types of resources — servers, storage and networks — as a single pool that can be allocated on demand.

Of course, all this is from a technology point of view. Iams says that there is a parallel set of steps from the organizational perspective, including people, processes, governance, policy and funding. One key question: What does a private cloud structure do to budgets and financial flow within an organization?

Public clouds require users to pay only for what they use. Because a private cloud doesn’t provide users with a fixed amount of capacity like they may have had with a traditional data center, chargeback is almost certain to be an integral part of private cloud environments. Chargeback is a way of rationing computing resources, which is especially important when obtaining resources is as easy as filling out a Web form.

Paul Cameron, head of enterprise services at Suncorp Group, a major financial services provider in Brisbane, Australia, says that when his company began planning its private cloud, it created a service-based operating model and a service catalog. The service catalog contains the list of services being automated for internal use and is available to business users via a self-service portal.

A key to building that catalog was storing information about Suncorp’s assets and business application relationships in a configuration management database (CMDB). All of Suncorp’s major IT processes — incident, problem, asset and change — use the CMDB.

Populating a service catalog can be time-consuming. But if you’re using IT service management and change management tools such as BMC Software Inc.’s Remedy product line or Service-now.com and have a CMDB in place, it can be easier. You can work through the appropriate services in the CMDB to provide the automated services listed in a service catalog. This is what Suncorp is doing with its BMC Remedy-based CMDB.

Cameron says that Suncorp deployed a private cloud to provide better and faster IT provisioning to business users. Suncorp users can go to a self-service portal and request resources and services. Once the requests are made, the fulfillment of these services is automated. Cameron says that about 80% of Suncorp’s data center services are now covered by automated self-service portals.

While private clouds are pitched as ideal for companies concerned about security and regulatory compliance, Cameron cautions that private clouds force implementers to rethink how they do security. For example, traditional firewalls won’t always provide satisfactory security in cloud environments where workloads can be moved around to less-secure portions of the network. So Suncorp is now virtualizing its firewalls.

Keeping Up With Demand

Jeffrey Driscoll, a systems engineer at consultancy Precision IT Group LLC, says the basic building blocks of a private cloud are servers, storage (such as a SAN) and virtualization software. “Then you start building a cluster,” he says, and after that cluster is complete, “capacity planning becomes critical.”

Capacity planning involves figuring out what happens when you add servers and other resources to the cluster as needed to keep up with business demand. Capacity planning is a major component of the cluster and the cloud’s performance. If it’s done wrong, you might end up with useless systems or have to shoehorn-in traditional, noncloud systems to keep things running.

Most organizations aren’t good at monitoring and keeping ahead of capacity. To be able to satisfy user demands, you always need to have some extra capacity on the data center floor, which results in a certain amount of hardware sitting around in idle mode. Keeping a history of capacity usage in your enterprise can help you be reasonably confident that you have sufficient — but not too much — capacity.

One solution is to create a hybrid cloud environment and move requests for capacity to public clouds, such as Amazon.com Inc.’s Elastic Compute Cloud, when capacity isn’t available in the private cloud.

Once the cluster is up and running, you can start provisioning virtual servers. The result is a tiered architecture with a server layer, a network layer and a virtualization layer. There is a management tool at each layer. “Now you can start thinking about automation,” Driscoll says.

Storm Clouds On the Horizon

Building your own private cloud involves some challenges, including the following:

* Budget. Private clouds can be expensive, so figure out the upper and lower bounds for your return on investment.

* Integration with public clouds. Build your private cloud so you can move to a hybrid model if you need public cloud services. This will involve making sure systems are secure and verifying that you can run your workloads in both places, among other things.

* Scale. Private clouds usually don’t have the economies of scale that large public-cloud providers provide.

* On-the-fly reconfigurations. You may have to tear down servers and other infrastructure — while it’s still in use — to move it into the private cloud. This could create huge problems.

* Legacy hardware. Leave your oldest servers behind. Don’t try to repurpose any servers that require manual configuration with a private cloud, because it would be impossible to apply automation and orchestration management to these older machines.

* Technology obsolescence. The complexity and speed of technology change will be hard for any IT organization to handle, especially smaller ones. Once you make an investment in a private cloud, you need to protect that investment by staying up to date with new releases of software components.

* Fear of change. Your IT team may not be familiar with private clouds, and there will be a learning curve. You may need to create some new operational processes and rework some old ones. Turn this stressful situation into a growth opportunity for your staff, reminding them that these are important new skills in today’s business environment.

You’ll need to acquire management tools that can bridge the physical infrastructure and the virtual infrastructure. So choose tools that let you see the same view across execution environments.

One layer of management is the infrastructure, which includes managing virtual machines, storage, backup/recovery and so on. While vendors often claim that their products are targeted at private cloud infrastructures, they sometimes use a very loose definition of “cloud,” so carefully investigate the functions of each product.

The second layer, service-level management, involves managing workloads at a level of abstraction above virtual servers. This is where automation is applied. It is also where traditional management tools such as IBM’s Tivoli and Hewlett-Packard Co.’s Insight work within the private-cloud stack. Vendors that claim to have automation management tools include IBM Tivoli, HP, CA, LineSider Technologies, DynamicOps, VMware and BMC.

Iams says that almost all system and hardware vendors are pursuing some type of virtualization or cloud management tools. Microsoft’s System Center management product, for example, offers visibility into hypervisors and virtual servers.

But Iams says you should plan on managing multiple hypervisors, such as VMware’s ESX, Microsoft’s Hyper-V, the open-source Xen, and various implementations of the Linux KVM (Kernel-based Virtual Machine). Microsoft can manage Hyper-V virtual servers and some aspects of ESX virtual servers. Other cloud vendors, such as VMware and Red Hat Inc., can also manage virtual machines created by multiple hypervisors. Ideally, you want to control multiple hypervisors from a single interface.

Buy or Build?

The downside of commercial, off-the-shelf tools is that they will likely need to be customized to work with your environment. On the other hand, the downside of rolling your own tools is that your in-house IT group will need to maintain them and make feature enhancements. One alternative to homegrown tools is building mixed-component cloud stacks by acquiring various third-party components and putting them together. The question then becomes: Who do you call when there’s a problem?

You could choose to go with a single provider, such as Microsoft or VMware, but that can result in vendor lock-in.

Open-source software — from the OpenStack project and from vendors such as Abiquo, Cloud.com, Eucalyptus Systems and Red Hat — is a good choice for building private clouds. The software is essentially free and provides more flexibility than proprietary software licensed on physical CPUs. For example, proprietary software can create difficult licensing issues when migrating virtual machines from host to host.

Each alternative has its pluses and minuses, so weigh your options carefully, because switching gears once you’re already under way is expensive and time-consuming. Don’t lock yourself into a single vendor’s cloud stack. In particular, avoid vendors with cloud stacks that perform well when using only their components. Reserve the option to plug in third-party or homegrown tools.

Industry Players

Here’s a sampling of vendors that claim to have tools for building private clouds.

* BMC Software Inc. (Cloud Lifecycle Management)

* CA Inc. (3Tera AppLogic)

* Cisco/EMC/VMware (Vblock)

* Citrix Systems Inc. (Citrix Open Cloud)

* Cloud.com Inc. (CloudStack 2.0)

* Dell Inc. (Virtual Integrated System)

* Enomaly Inc. (Elastic Computing Platform)

* Eucalyptus Systems Inc. (Eucalyptus 2.0)

* Hewlett-Packard Co. (BladeSystem Matrix)

* IBM (CloudBurst)

* NewScale Inc. (NewScale 9)

* Platform Computing Corp. (Platform ISF)

* Tibco Software Inc. (Tibco Silver)

* VMware (vCloud)

Source: Forrester Research Inc., August 2010

So far, it isn’t possible to buy one commercial product that will do everything IT managers need to do for private clouds. You have to stitch together a number of different products from various vendors and place your own user interface on the front end.

But Verizon Business’ Deacon says that more-sophisticated enterprises are integrating multiple management tool sets — for instance, HP’s Server Automation suite and BMC’s Patrol suite. Security, firewall, networking and storage elements can be orchestrated from within both HP and BMC suites. IT shops that don’t link multiple tool sets may have to write a lot of their own software to get the necessary automation capabilities.

Is single-console management a real possibility for private clouds? Not everyone will be able to get by with just one console, says Iams, but even two or three consoles would be a huge improvement over the dozen that some shops use today.

Deacon says that single-console management is in the cards, noting that Verizon Business has built a high-level console management layer that collects data from VMware vCenter Server, HP Network Automation and HP Virtual Connect, among other products.

Vendors Will Consolidate

Frank Gillett, an analyst at Forrester Research Inc., isn’t so optimistic. “It is unrealistic to think that we are going to get many of these management tools to work together,” he says. Instead, he predicts that over time, the market will shrink dramatically through acquisitions, leaving a handful of vendors that will offer “much more integrated capabilities.” And some IT managers prefer large, established vendors for cloud technology because they can’t trust their data centers to start-ups that may not be in business in a year or two.

Deacon agrees that consolidation is likely as large companies like HP and IBM buy up cloud-based start-ups and add the new software to their existing portfolios. That’s what HP did with its acquisition of OpsWare. Similarly, BMC absorbed BladeLogic, and CA has been on a buying spree, acquiring Nimsoft, Oblicore, 3Tera and others.

IT shops need federation and interoperability, Gillett adds, “and we are very early in those efforts. We may be able to bring private cloud management tools together, but it will be a messy interim period.”

Yet during that period, IT shops will be under enormous pressure from business users to engage in cloud computing. If the data center operations group can’t respond quickly with a private cloud, then business users will look at public clouds. To successfully compete with public cloud providers, IT departments will need to deploy similar services in-house, and those private clouds will have to be better and more attractive to use than public clouds.

Source