Tag Archives: Private Cloud

Virtualization Versus A Private Cloud

Leave a reply

Since the mid 2000s one of the prevailing trends in the IT world has been to move networks, data, operating systems and servers into an environment where they are not tied to a specific piece of hardware.

In the early days the emphasis was on virtualisation. Organisations concentrated on increasing the number of servers on one machine using a hypervisor program with the activities kept in-house.

More recently there has been an emphasis on cloud computing, with more functions passing into the hands of a third party. The latter includes the option for a private cloud, dedicated to one enterprise.

Virtualisation and private cloud strategies are sometimes confused, not helped by the varying definitions.

The strongest distinction is that virtualised technology is a fixture of an IT estate while cloud computing is offered as an on-demand service, for platform, infrastructure or software, available on a pay-as-you-go basis.

Cloud is currently drawing more attention, with the government opening the Cloudstore for the public sector and a stream of big deals in the private sector, recent examples being at Deloitte and Proctor & Gamble.

But there is still a steady, if more low key, move to virtualised environments, with recent deals for organisations such as Thames Water and Medway NHS Trust. Also, Forrester has recently predicted a rise in demand for data virtualisation technology.

As organisations consider which route to take they have to look closely at which is better to meet their business needs.

This can be difficult, not least because both are often described in language which bears little relation to business processes, but there are a number of factors that should be taken into account.

Costs offset

Cost is the most obvious. It will be higher for virtualisation as it involves a considerable amount of work in setting-up and customising, while the provider of a cloud service has already borne these costs.

The latter also provides the scope for efficiency savings through the utility computing model, in which the customer only pays for what they use; but if the service is heavily used the costs can increase and begin to offset the initial savings.

This is unlikely to be the case for many organisations, but there are times when it is cheaper to own the asset.

Virtualisation can provide clear advantages if an organisation needs a high degree of control. Keeping operations within its own data centre can make it easier to manage and make changes to its IT environment, providing more flexibility.

This can be important if it runs a number of specialised applications that have to be tailored to the platform, and if it wants to respond to changes in the use of technology.

It could also be a significant factor for organisations that are increasing their use of remote technology or adopting a BYOD policy.

Greater control is also relevant to the concerns around data security.

There is no doubt that cloud providers take the issue very seriously, and they will offer service level agreements that provide strong guarantees on the integrity of the data they hold.

But the more sensitive the data the greater the anxieties and some organisations will get more assurance from holding it in their own facilities, where their own people are in charge day to day.

The control can also provide more assurance around the management of risk around legal and regulatory issues.

Downtime factors

Reliability is also the subject of a debate that is difficult to settle. In a virtualised environment the loss of the network connection can cut access to multiple servers; but there could be a similar problem for a cloud set-up of the wide area network link goes down.

But there is a case for stating that the cloud offers greater resilience in the event of a problem, with the provider likely to have more options for using multiple servers or shifting to other data centres.

In addition, there will usually be more scalability in the cloud, with the scope for a rapidly expanding business to increase its data holdings and processing capacity without the time and cost of a big in-house investment.

This aligns with the flexibility that comes with the short term deals offered by cloud providers, sometimes with commitments of months rather than years, to make it responsive to what the customer needs.

But the fanfare around cloud computing should not distract from the case for virtualisation. Overall it’s not clear cut, and depends on a series of value judgements determined by the nature and circumstances of the organisation’s business.

Virtualisation is sometimes described as a component that can provide a step towards the adoption of a private cloud.

But some enterprises may want to pause when they have taken that step and see if it has given them everything they need.

Author: David Clarke
Source

The Concept Of Private Cloud Is Fundamentally Flawed

Leave a reply

Saleforce.com’s chief scientist has slammed the concept of private cloud, claiming that the whole point of cloud computing is that resources, costs and risk are shared between multiple parties.

Speaking at the Cloud Computing World forum in London today, JP Rangaswami said that cloud provides the scalability and flexibility that organisations need to survive in the modern age. However, organisations that choose to adopt private rather than public cloud will miss out on the benefits.

“Whenever anyone uses that phrase to you, just ask them who are you sharing costs with. If all the costs you’re sharing are just with you, you’re just kidding yourself, it ain’t a cloud” said Rangaswami.

“The only way it has value is if someone else is taking the risk, and you can step it up or down. This isn’t just a question of infrastructure; IT is not just about hardware. Your processes have to be able to scale, your ability to put things on and take things off has to be able to scale – everything you do has to be able to scale in both directions.”

Rangaswami said that organisations have to move from thinking about scalable efficiency to thinking about scalable learning. While in the past, the focus was on reducing costs as a business grew, trends in globalisation, offshoring and outsourcing are forcing now companies to work differently.

In particular, companies will have to employ social strategies, as increased competition and reduced barriers to entry make it harder to get a strong return on investment, according to Rangaswami.

“The reason for the social enterprise is because your return on assets is low. You had better connect up your customers, because if you don’t they are going to remain connected up and leave you out of it,” he said.

“In five years time they’re going to be here and you’re not. The social enterprise is as much a survival play as anything else, because of the incredible level of change that is taking place.”

Rangaswami pointed to companies like Facebook, which puts the individual at the centre of the distribution network rather than at the edge, as a model of how businesses will have to operate in the future. He said that if the Web was big in 2004, Facebook is going to be bigger.

“Businesses used to be hierarchies of product and customer, they are now networks of relationship and capability,” he said.

“We have learnt how to value product and customer over 600 years, but we have very little knowledge about how to value a relationship or how to value a capability, which is why we’re really ill-equipped to deal with the changing world in this paradigm of the information age.”

Author: Sophie Curtis
Source

Federal Risk and Authorization Management Program Issues

Leave a reply

Industry experts and cloud service providers are hopeful about the prospects of a new federal program that sets cloud computing security standards, but they also note some potential pitfalls. For one security expert, the program represents a lost chance to improve cybersecurity.

The Obama Administration last month launched the Federal Risk and Authorization Management Program (FedRAMP), which sets a standard approach for assessing the security of cloud services and products against a baseline of controls. The goal is to cut the cost and time spent on redundant agency security assessments and cloud authorizations.

“What it is going to do is provide government agencies and organizations with an easier way of acquiring public and private cloud computing authorizations, which means they can start using cloud a lot easier than they could have through the older FISMA process,” said Dan Philpott, a federal information security specialist and member of the Cloud Security Alliance.

Under FedRAMP, a cloud service provider goes through authorization with one agency and other agencies can leverage that authorization. If an agency has additional requirements, then only the delta between the baseline and those specific requirements needs to be addressed, which provides a more economical model for security, he said.

The “do once, use many times” approach promised by FedRAMP will save both government and industry a lot of money by cutting down on the number of certifications – provided it truly happens, said Jennifer Kerber, vice president for federal and homeland security policy at TechAmerica, a Washington, D.C.-based industry advocacy organization.

The problem will be if a growing number of federal agencies tack on additional requirements to a provider’s certification, she said. “If no one really accepts it and it’s all FedRAMP ‘plus,’ then you have to pay all this extra to get certified, I’m not sure it’s worth it.”

Alan Paller, director of research at the SANS Institute, is highly critical of FedRAMP, which he views as a lost opportunity.

“FedRAMP could have been the breakthrough that enabled the government to lead by example in cybersecurity — demonstrating how to do it right,” he said in an email. “FedRAMP provided that opportunity because it has the leverage of contracting — no company could provide FedRAMP services if they did not meet FedRAMP security rules so had they done the right rules they could have radically improved security and lowered the cost of effective security.”

But officials missed that opportunity by providing guidance that did not require six measures known to provide effective security, including using common security configurations and implementing daily continuous monitoring and mitigation, Paller said. “Instead, the guidance called for people to write reports that could easily be written without effectively implementing any of the six [measures]. It’s a throwback to FISMA at its worst and it is inexcusable,” he said.

FedRAMP elements

White House officials expect FedRAMP to be operational by June after they complete a number of steps, including publishing the security controls, a concept of operations and a charter.

This week, they released the security control requirements, which are based NIST Special Publication 800-53 Revision 3 and include controls that address the unique risks associated with cloud computing, such as multi-tenancy and shared resource pooling.

A key component of FedRAMP are third-party assessment organizations (3PAOs), which will assess cloud providers’ implementation of the security requirements. The FedRAMP program management office plans to publish an initial list of FedRAMP accredited 3PAOs in the second quarter.

In response to criticism that FedRAMP will be a report-based compliance program that doesn’t implement effective security, a FedRAMP program office spokesperson said in an email that FedRAMP will assess and authorize cloud solutions based on implementation of the NIST SP 800-53 security controls and independent validation by an accredited 3PAO. “Once these cloud solutions are assessed and authorized, FedRAMP will coordinate the continuous monitoring activities with federal agencies and DHS, with a focus on real-time data and automation, giving agencies a better ability to view the risk posture of a cloud solution in near real time,” the spokesperson said.

Philpott said having accredited third-party assessors will make it easier for agencies and cloud service providers to know who truly has the technical expertise to evaluate cloud security. He welcomed the final release of the FedRAMP security controls, which he said the CSA plans to quickly adapt to its Cloud Controls Matrix to help the cloud computing industry adopt them.

Falls Church, Va.-based CSC is well prepared for FedRAMP after taking its cloud services through a federal certification and accreditation process, said Yogesh Khanna, North American public sector chief technology officer at CSC. The technology provider recently deployed IaaS and a cloud-based service for development and testing for DHS, he said.

“We’ve gone through the wickets with DHS, taking our system through a pretty comprehensive C&A process,” he said. “We understand the 800-53 goals. … I feel as a company and one that is a strategic partner of one of the leading federal agencies playing a significant role in FedRAMP, we have a lot of experience already under our belt.”

Khanna said FedRAMP will benefit service providers, vendors and cloud customers by providing a benchmark for cloud computing security standards. “You’re letting go of some level of control as a cloud consumer. Unless there’s some industry standards and third parties reviewing it, we’ll always be stuck in a mode where people use security as a barrier,” he said.

Potential FedRAMP issues

While optimistic about FedRAMP, Khanna said he hopes federal officials are prepared to handle the volume of demand the program may generate. “Right out of the gates, they don’t want to create an impression that they’re a stodgy bureaucracy,” he said.

Cloud service providers have a role in the program’s success by making sure they have polished packages that are ready for evaluation, but he would have liked to have seen some commitment to a time limit for FedRAMP’s governing agency to review a cloud service that’s been approved by a 3PAO.

“What we can’t have – and we have a role to play to make sure this doesn’t happen – is the traffic being so great and the staff at FedRAMP not being adequately situated to handle the traffic, creating the perception that things go into the FedRAMP office and nothing comes out,” Khanna said.

Philpott said he sees a potential issue with how a federal initiative, Trusted Internet Connections (TIC), will work under FedRAMP. TIC requires that agencies limit the number of Internet connections they operate, and that traffic be routed so DHS can monitor it for security threats. Routing network traffic to meet the requirements of TIC may not be feasible under some cloud service models, Philpott said.

Overall, though, the baseline of cloud computing security standards established by FedRAMP has the potential to improve cloud security overall, Philpott said. Commercial customers will be able to ask cloud providers to provide the same security they provide the government.

“A lot of cloud providers are very security conscious. Not all of them, but most of the major ones are,” he said. “We hope and expect this is going to provide a level playing field.”

Author: Marcia Savage
Source

Three Myths Clouding CIO Judgment

Leave a reply

For today’s CIO, the perceived barriers to cloud computing remain security, regulation and compliance. The danger that data loss poses to brand equity, customer trust and share price is just the same whether data is stored in a cloud computing or traditional infrastructure model.

The severity of the issue is reflected in legislation like the recent Criminal Justice and Immigration Bill which states that the Information Commissioner’s Office (ICO) now has the authority to levy fines of up to £500,000 on organisations who recklessly lose confidential or personal information.

Security quite rightly should be at the top of every CIO’s agenda but there are a number of myths that lead to over-simplification or indeed dangerous assumptions about cloud computing. In light of this, we explore three myths that we have encountered recently and why they may be distracting CIOs from the real questions that need to be asked.

1. Security and compliance are “external issues”

Whether you choose to place your data “in the cloud” or create a hosting platform from dedicated servers, security must remain your concern. Security cannot be handed over wholesale to a cloud service provider because the very real question of security policies and procedures concerns your users as well. Firewalls and the rules that govern them still stand irrespective of whether infrastructure is virtual or physical. Likewise the usual security processes such as changing passwords and enforcing permission levels need to be observed within your organisation.

These are simple examples but they serve to illustrate the point. Robust data protection is critical to preserving the brand value and reputation of any company. Every week there seems to be another high profile example of a security breach undermining customers’ trust in a brand, whether that is an online gaming site; web retailer or even government department. Regulations regarding security, control and privacy of data are complex. CIOs need to be certain that their service providers can help them navigate these rules and clearly understand where the responsibility for applying each part of the security policy sits.

2. Better SLAs will give sufficient protection

To some degree, the question of SLAs reinforces the same point. If you are using a traditional managed hosting service to host your data, you will ask for a robust SLA that leaves you confident that you can deliver on your SLA to the business. Businesses adopting cloud computing need to take the same approach.

However, relying on the SLA alone does not guarantee performance. It may mean there are penalties in the event of downtime, but that is cold comfort to an ecommerce organisation at the height of their busiest season faced with a website that has been offline for hours. Uptime availability figures aren’t enough. 99.99% uptime may sound impressive until you work out the cost of 0.01% downtime.

CIOs should be asking the same questions around cloud services as they would do about any other IT service they use. What is your organisation’s tolerance to downtime? What is the disaster recovery and back up service available? What will happen in the event of a failure at any point in the service? This does not point to lowest cost, best endeavours service. Economy of scale should mean that your chosen service provider is able to invest to minimise these failures.

CIOs have to be confident their service provider is able to respond and support their business, especially in the face of a “disaster”. Furthermore this should form a key a part of your organisation’s business continuity plan.

3. Private cloud is inherently more secure than public cloud services

Cloud services have moved on since the first definition from NIST in 2009. The background of early public cloud services has contributed to the perception that this type of cloud has lower levels of security. Private cloud should not be seen as a guarantee of security. Private cloud is dedicated to your organisation. By definition this can reduce the risk of using a platform shared by many customers, but again it is only as secure as the policies and procedures that you enforce. Firewalls still need rules. Data centres still need physical security. A private cloud can be more secure than a public cloud, but like any other system it is at risk from poor housekeeping and human error. Assumptions should not be made.

The decision criteria for private or public cloud implementation should be far wider than which is perceived to be more secure. As a CIO you will be asking what your organisation wants to achieve. Is it cost savings, speed to market, or flexibility to scale up or down, or more likely, a combination of all three?

As one of the most significant changes in IT in a generation, cloud computing can deliver real benefits in the way organisations consume IT. However, like any significant business change, careful consideration needs to be given to what the organisation is trying to achieve and why. Our own annual CIO cloud research demonstrates that the majority of businesses are using or piloting cloud computing services across parts of the enterprise, but very few businesses are deploying cloud services ‘in full’.

The deployment of cloud services across the entire enterprise was only 16 per cent, while deployment of cloud services ‘in part’ averages out at 35 percent. This demonstrates that companies are engaging in cloud computing, but very few are making or will ever make the shift to cloud computing outright. Cloud computing is not simply about buying CPU cycles at the cheapest rate, it represents a fundamental change in how we consume and take advantage of IT. The consumerisation of IT is increasing this rate of change and old methods just won’t hack it. While going on this journey from old methods to new is daunting, choosing who you take with you on the journey is perhaps the most important decision any CIO can make at this stage.

Author: Steve Hughes
Source

Plano, TX Company Breaks Into Cloud Computing Business

2 Replies

Interphase Corp., a small Plano telecommunications company, is taking a gamble on breaking into a new market, selling cloud computing hardware to recession-beaten schools, governments and businesses.

Interphase has launched a product portfolio of six desktop virtualization thin clients, small devices that do not store information but can create a desktop environment for users by relying on a remote host server. Companies are increasingly using cloud computing services to deliver their software from remote servers, rather than on-site servers managed by large information technology staffs.

Analysts say challenges abound for the company’s clouDevice portfolio, an untested batch of products in markets dominated by larger, more experienced players, such as Wyse Technology and Hewlett-Packard Co.

“It’s a bit of a David-and-Goliath challenge, but we’re going after it,” Interphase chief executive Greg Kalush said. Kalush said that despite the challenges, his company may have come up with a way to build market share relatively quickly.

How’s that? By keeping the clouDevice’s overhead and manufacturing costs low, and by specializing hardware design to match client needs, Interphase may be able to undercut its competition with lower prices, said HJ Li, Interphase’s senior director of product management.

Analysts say that while small tech companies will fare well when the private cloud computing market takes off, they are skeptical that undercutting the competition will bring Interphase the business it seeks.

“With Interphase being a relative unknown in the thin client space, cost [savings] can only go so far,” said Ian Song, a senior research analyst at the International Data Corp., an information technology research company.

“We really don’t know what some of their performance capabilities are,” Song said. “The portfolio is by no means comprehensive. It’s pretty good.” Mark Margevicius, vice president and research director at Gartner Research, a company that tracks trends in information technology, said that as long as a company differentiates itself, there’s an opportunity for any vendor to succeed. But the technology Interphase must use to manufacture its devices is available to Wyse and HP, so it’s hard to see how Interphase can undercut its competition at all, Margevicius said.

Potential clients have been more than a little rattled by the recession. Kalush said some of the most appropriate customers for the clouDevice products are cash-strapped schools and local governments — particularly in Texas — that could use information technology to save money. For education, Interphase emphasizes cost-efficiency and more computer access for students.

“We could put a wireless client device in the hands of a student for $150 or less,” Kalush said.

For governments and enterprise businesses, desktop virtualization consolidates a company network to one source, making it easier for IT staffs to thwart computer viruses that would otherwise spread undetected, Kalush said.

Expanding the business Interphase, though small, had a strong first half of this year. The company increased its telecommunications revenue 60 percent in the second quarter, generating $6.2 million. Profit rose 82 percent in the second quarter over last year to $3.2 million.

The company was founded in 1974 as an engineering consulting company, and it gradually started selling products in the early micro-controller industry. Micro-controllers are tiny computers built into products, such as microwaves, that usually perform just one function.

In 1999, Interphase entered the telecommunications market, selling hardware and signaling devices to military units and other clients. But three years ago, Interphase leaders decided the company needed to diversify, partially because the telecommunications market is unpredictable.

Li said he started looking into the information technology market, but at first, he had trouble finding a market that a company of Interphase’s size could enter effectively. The cloud computing market was an attractive bet, and analysts predicted plenty of growth, Li said.

Gartner Research expects worldwide cloud services revenue to grow about 100 percent to $148.8 billion by 2014. According to IDC, server sales resulting from cloud computing will grow 50 percent to $12.6 billion by 2014.

Ethernet advantage Bill Rust, a Gartner analyst who covers education information technology, said one of the clouDevice’s features, the ability to run using an Ethernet rather than a USB cable, makes Interphase an interesting vendor.

USB is limited to 16 feet and is a major problem for implementing desktop virtualization in schools, but Ethernet doesn’t have that limitation and is cheaper.

“They may be one of our next Cool Vendors,” Rust said, referring to annual recognitions that Gartner gives to innovating companies.

Wi-Fi on the way The Ethernet clouDevice products are already available, and in the coming months, Interphase will release a version of its devices that can run on WiFi.

Susan Eustis, president of WinterGreen Research, said small companies that can be nimble and innovative will do well in the cloud computing market because large companies can’t cut prices and aren’t focused on building market share.

“Small companies aren’t hampered in this way,” Eustis said.

“After the little companies build the market, the big companies will gobble them up. They see who’s going to succeed.” However, small companies must be careful to develop products that are unique — they should avoid going head-to-head with large companies such as IBM, she said.

“That being said, there’s a lot of space in this cloud business to go places,” Eustis said.

With so much growth expected for private cloud computing services, Kalush said, it was hard to resist jumping in.

The market has “got a lot of positive attributes, and we thought, what the heck, this looks like a pretty cool market, let’s go see what we can do,” he said. “It’s one of those Hail Mary passes, but we feel pretty good that we’ve got something here.” Interphase Corp.

Source

Overcoming Doubts About Cloud Computing

Leave a reply

Cloud Computing, which allows oganisations to share resources, software and applications, can bring radical change to public sector ICT services. Using the cloud will reduce costs and risks and bring scalability, and resilience. But many top managers believe the risks are too great. The author looks at the reality of Cloud Computing.

It seems that board-level executives are not as keen as their IT professionals on the adoption of Cloud computing according to no less than three new reports. The reports from heavyweights Dell, IBM and Symantec report varying levels of fear, uncertainty and doubt about Cloud adoption. This is a little surprising given the importance CEOs and boards always purport to give to efficiency and cost reductions – two of the undoubted benefits of cloud computing.

In a recent Dell survey 223 IT professionals at this year’s Cloud Expo were asked about their companies’ attitudes to cloud computing. The survey showed up the differences between how business leaders view the cloud and how IT professionals view it.

The IT professionals reported that business leaders were more likely than themselves to describe the cloud as either having “immense potential” or being a “passing fad.” According to Dell “the survey data validates a perceived lingering disconnect in expectations between IT professionals and senior business executives.”

The second report, Symantec’s 2011 Virtualisation and Evolution to The Cloud, points out that over 75 percent of C-Level executives cite reliability, security and performance as their main concerns about virtualization and hybrid-cloud deployment. These numbers stand in contrast to responses from IT professionals, who report that after cloud adoption, these areas all scored quite well compared to their goals.

The third report, IBM’s, 2011 Global CIO Study, devotes an entire section to a survey of 622 midmarket CIOs and highlights the obstacles that IT departments face depending on their business needs and goals. The report highlights that no one single solution for cloud adoption is going to work across the board.

Presenting the benefits of cloud computing realistically

What this shows is that CIOs are still not effectively communicating the business benefits of Cloud computing to their bosses. What all three surveys show is that good communications between IT and C-level management is critical for any business looking into cloud adoption, the hybrid cloud, or even just increased virtualization. It is obvious that major areas of concern like security and reliability, initialization costs and long-term investment is not being explained properly to the Board.

CIOs and IT managers must be careful not to over-sell the cloud and promise results that are impossible. The Symantec report showed a chasm between expectations and reality in the area of scalability, something a cloud solution excels at. This obviously means that many C-level executives were over-sold or were simply never brought down to reality of the cloud’s ability. Other areas where businesses felt that the cloud fell short were in reducing operating expenses and reducing complexity. These types of failures make it less likely that management will approve future cloud initiatives. When discussing IT solutions, IT professional should be sure they are discussing the current cloud, instead of an idealized hypothesis of what it may one day become.

Symantec report says that security is the major worry of most CEOs cited by 77% of them. This is followed by concern about reliability – 71% and performance, also worried about by 71% of CEOs. This is not entirely surprising given the huge media exposure given to data breaches such as the ones Sony, RSA Security Sega and many others. What is surprising is that CIOs are not explaining that the breaches are not necessarily due to Cloud Computing and could have and may have occurred using in-house managed systems.

Why is the message not getting through?

So why aren’t their IT people putting them right on all this? Maybe they are, but aren’t being listened to. Maybe they are, but they can’t convey the message in the language that the board can understand. Whichever is true, it’s clear that better communication is needed between wary CEOs and their IT managers.

However, Cloud Computing is at least high up on the agenda – with up to 90% of organisations stating that they are least discussing Cloud projects. But among some of those who said they had installed Cloud Computing in some form, the curse of bad communications hit them again – over-inflated expectations led many to complain that the actual implementation of Cloud did not come up to their expectations. That can only be blamed on the CTOS.

Symantec created its own check list of recommendations to make Cloud adoption as smooth as possible:

• Ensure alignment between IT and executives in virtualization and cloud initiatives: It is important to show that you can address C-level concerns such as security and availability.

• Don’t operate in a silo when it comes to Cloud Computing: virtualisation and Cloud initiatives are most successful when implemented as mainstream, comprehensive IT initiatives.

• Leverage and modernize your existing infrastructure: Before you’re ready to implement hybrid/private cloud, make sure you are leveraging the existing infrastructure to achieve the same efficiencies and then modernising it as needed.

• Set realistic expectations and track your results: Remember that despite the hype, Cloud is a new and still maturing market. Do your homework to set expectations that are realistic, then follow up and track results to identify ways to improve project efficiency going forward.

Moving many IT services into the cloud is quickly becoming a requirement for organisations. It doesn’t seem to matter what the organisation is – from industrial applications to making food, it can benefit from scalable storage and powerful virtualized business intelligence. Businesses that fail to take advantage of these solutions risk losing a huge edge to competitors who do take advantage of the cloud. IT professionals should see it as their responsibility to convince management to adopt cloud solutions for their businesses but they have to be careful to set realistic expectations or they will set their companies back many years and risk the mistrust of their boards for many years.

Source

Cloud Services Beg for Nimbler Management

Leave a reply

Traditional systems management has been obscured in large part by the advent of cloud, where, after all, the promise is cheap, automated infrastructure you don’t have to manage, just use. But as the public cloud paradigm has proven out, more and more businesses, both small and large, want to replicate that success in their own operations.

For some small businesses, the case for cloud is pretty obvious. Chuck Spalding, a hydrogeologist with McDonald Morrissey Associates, Inc., said his firm needed to run complex calculations on data and turn it into useful models of groundwater resources. They ran simulations on their workstations, but depending on the size of the project, it could take days to crank out the end result. Spalding said they felt the pinch, and his competitors had solved the problem traditionally.

“There’s a guy who put in 94 servers in his office to do this,” he said.

Spalding had no interest in following that route; aside from the cost of buying equipment, he’d end up sinking valuable time into networking, operating and managing all those systems. Cloud computing seemed like an ideal answer.

“I’d read about GoGrid in some of our trade magazines as a way to approach this,” he said. Experimenting with GoGrid made it clear that while Spalding was trading out onsite IT chores for easy access to virtual machines, managing it by hand was still clunky.

“Say I start 50 machines,” he said. “I still have to go to each one, put in my password, upload the data and set them to run.”

Spalding is experimenting with a new breed of management tools expressly designed around the Infrastructure as a Service paradigm; he uses enStratus to automate the jobs he pushes out to the cloud. And because he has essentially unlimited capacity at his fingertips, rush jobs are now possible.

Eventually, Spalding would like to break out the cost of data processing on client invoices as a courtesy. It’s a functionality that enStratus is working on; like most cloud management tools, it started out focusing on the ability to automate basic commands to multiple cloud services from a single interface.

For those in the online world, services like RightScale and Cloudkick (now owned by Rackspace) have had time to develop those sophisticated features, whereas software tools like EnStratus are developing alongside cloud interest from the enterprise perspective.

The next level of cloud management

Some services come at it from the other direction. Eric Gauthier, an IT administrator for Washington state credit union BECU (originally the Boeing Employees Credit Union), has got a full plate; financial systems, business systems, office systems and outside services, like the vendors BECU uses for secure online banking for its customers. All of that needs managing, and since the bank’s IT infrastructure is about as virtualized as it gets, he’s looking at cloud computing techniques that are on the next level. Mostly, he’d like to get rid of the manual chores or managing demand.

“The middle of the month and the end of month can get very heavy for us in terms of usage,” he said.

Gauthier said it’s not a question of immediate need for something new, like Chuck Spalding’s situation; it’s about squeezing more and more automation into existing infrastructure. BECU uses workload automation tools from UC4 to manage some of its important financial systems, and Gauthier said that a new release (Automation Platform v9) from the vendor is a step in that direction.

The new software includes job scheduling, policy-based automation, analytics, support to run commands from VMware’s vCenter for his virtual machines, and other features that bump it up past ground-level systems management. More streamlined operations mean less time spent hovering over a console around the middle of every month and more time innovating.

“This is what will eventually get us to private cloud,” he said.

As cloud grows, management concerns heighten

“From a ‘how do I acquire and deploy systems’ perspective, management has become a rapidly accelerating concern,” said Dennis Drogseth, analyst at Enterprise Management Associates, “especially in terms of the those involved in the role of IT and priority changes in how services are delivered.”

Drogseth recently completed new research that backs up this trend. Where the rubber meets the road for cloud in the enterprise is exactly at the level cloud computing is supposed to improve: actual day-to-day operations. EMA surveyed a swath of IT decision-makers and found that not only was cloud top of mind, it was complex and changing operational norms.

Almost 80% of the respondents said they were in the process of building hybrid models for IT services that would mix and match private infrastructure with outside services and public clouds. Almost half said that they expected cloud to bring significant changes to process flow, along with how they looked at and adopted systems management tools.

Drogseth said that this is par for the course in technology adoption. Many business users have waited out or been oblivious to the hype around cloud, but now we’re beginning to see technologies appear that are relevant to the real world and not just the online marketplace.

“Cloud seems to be accelerating the need for intelligent, top-down service management both politically and technologically, even if much of the initial hype had a sixties flavor of ‘tune in, drop out and put it in the cloud’ behind it,” Drogseth wrote in his report “Operationalizing cloud: The move towards a cross-domain service management strategy.”

Drogseth anticipates that cloud computing is going to be a robust part of the systems management marketplace in two to five years, with vendors stratifying out small and medium-sized business users with one-size fits-all point services and larger vendors willing to engage in cross platform, cross-cloud customization. Early efforts are certainly underway: Microsoft has pitched its new System Center Operations Manager (SCOM) as a central, single tool for everything Microsoft sells into the data center, including Hyper-V, Azure deployments and regular server management.

Meanwhile, IBM has expanded its venerable Tivoli management platform to cover VMware and other platforms and HP claims that it will deliver OpenView/Opsware-based cloud platforms. Of course, none of that is fully baked yet, with all the major vendors pointing to the end of the year and beyond for fulfillment and startups and smaller cloud management suites busily maturing. The change will be gradual but ultimately undeniable.

Source

Cloud Computing: What It Can Do For You And Your Business

2 Replies

The tech world has no shortage of jargon.

But one term in particular has businesses small and large scratching their heads: What is cloud computing?

Businesses know they’re headed there, but where are they going?

Many of them are already there, even if they don’t realize it. Some of the most basic Web tasks are based in the cloud — a generic term that basically means tapping into online-based services.

Common tasks like e-mail, social networking and online photo-sharing take place in the cloud.

“You almost have to demystify it,” says John Fikany, vice president and general manager of Microsoft, which is hoping to capitalize on the cloud movement. “The reality is, they’ve been playing in it for a while, whether they know it or not.”

At its most basic level, the cloud is a method of maintaining digital information and services online — often many states away in climate-controlled warehouses packed with stacks of servers.

Using the cloud frees up businesses from having to purchase, maintain and troubleshoot their own information-technology services.

It can also serve as a way for firms to grow easily and dynamically as they see surges in business.

Worldwide revenue from public cloud services exceeded $16 billion in 2009 and is on track to reach $55.5 billion in 2014, according to International Data.

Cloud computing lets companies store data and do tasks on off-site servers

Before the advent of the power grid, companies supplied their own electricity with devices like waterwheels, churning constantly to provide enough juice for daily operations.

But more than a hundred years ago, those companies were able to plug into a centralized grid, freeing them from managing their own power sources.

Companies now face a similar transition as they stop using traditional in-house data storage and computing solutions and tap instead into a vast network of online storage.

That context, which serves as the thesis of Nicholas Carr’s influential book “The Big Switch,” is the basis of the cloud computing movement.

Using the cloud — a catch-all term for storing data or completing tasks through off-premise servers — has become a key focus of businesses small and large.

“Once you get past that marketing term, what’s happening is definitely for real,” says Bryan Beecher, director of computer and network services at the University of Michigan.

But many questions remain.

A recent Microsoft survey found that more than half of small- to medium-size businesses in 10 key U.S. cities including Detroit have either never heard of the cloud or have heard of it but know nothing about it.

That same survey also found that only 16% of small- to medium-size businesses had a cloud project planned.

Here is a primer for those thinking of rising further into the cloud:

What is the cloud?

The cloud is basically a metaphor for the Internet.

Tapping into the cloud allows companies to abandon on-premise servers and IT departments tasked with maintaining and troubleshooting computing resources inside their own four walls.

“At the end of the day, the less IT resources you have on premise and focus instead on your core business the better,” says Vanessa Alvarez, a cloud-computing analyst at Forrester Research.

Most of us use the cloud daily already with tasks like e-mail. Those messages and any attachments are stored in servers far away, not on our computers.

“You might not be sure where they are, but that’s OK. You don’t have to care where they are,” Beecher says.

Cloud computing advantages

• Ability to upgrade. One of the largest expenses in a traditional IT department is upgrading, troubleshooting and fixing in-house server solutions.

In the cloud, those servers are maintained and upgraded automatically by a provider like Amazon, Microsoft or Google.

“When you’re in the cloud environment, you’re always on the latest and greatest,” says Microsoft Vice President and General Manager John Fikany.

• Ability to scale. Using cloud computing also allows business to make it safely through sudden or anticipated spikes in data processing, like the holiday shopping season for merchants.

If those merchants managed their own IT services, they would have to anticipate that spike and maintain that high level of computing resources in-house year-round, even when they only used a fraction.

“For that, cloud is the perfect solution, because you just burst into the cloud,” Alvarez says.

“At the end of that period, you can shut off those resources and that’s it. You’re not continuing to pay for that infrastructure.”

• Flexible computing resources. The cloud isn’t just about storing data on far-away servers. Tapping into the cloud also allows companies to create virtual machines — theoretical computers that sit fully inside the cloud.

Virtual machines aren’t actually computers, they’re just chunks of the cloud, but they can perform all the same tasks. And, to the end user, there’s no knowing that the applications and files they’re accessing are actually stored far away and not on their machine.

Using them reduces a business’ reliance on buying and maintaining traditional and high-powered computer hardware and allows it to set aside segments of the cloud devoted to computing tasks, Beecher says.

“When I don’t need a virtual machine anymore, Amazon will turn off the bill,” he says.

Cloud computing disadvantages

For some businesses, it might be more cost effective to not enter the cloud.

Especially for small firms, it might make sense to buy a small low-end $1,000 server and run it for 10 years, Beecher says.

Cloud service prices vary widely depending on the amount of storage and amount of layered services provided, but most pricing plans will charge per hour — sometimes at a rate of a cent or less — and also for the amount of storage you need.

Businesses also lose physical control of their hardware, as they depend on a company, sometimes across the country, to maintain the infrastructure that their business runs on.

How do cloud services differ?

There are two main types of cloud services: public and private.

The large players in the public arena are Amazon’s Web Services and Google.

These are the most basic of the cloud options, Alvarez says, and they offer limited, but very cost-effective options for simple services like data storage.

Private cloud services from companies like Microsoft, AT&T and Verizon offer enhanced security and data management options for tasks like virtual computing.

Most companies use a hybrid solution by tapping into both cloud types to leverage the cost-effectiveness of the public cloud and the security options of the private cloud, Alvarez says.

Streamlining and efficiency: Is that code for job losses?

Not always.

Many companies are using the resources freed up by a cloud-based data strategy in other parts of their companies.

“In some cases, they’re reducing,” Fikany said of firms that had previously managed their own data centers. “In other cases, they’re redeploying people.”

For U-M’s Beecher, a cloud-based strategy allows him to do more with his own resources.

“I can do less of the very routine stuff — that other people are better at anyway — and focus on the tech that’s more unique to the kind of business we have here.

“Why would I want to hire somebody to manage a machine room and figure out how much electricity we need when I can pay Amazon that?”

If a company puts its data on the Web, who owns it?

For consumers, part of the trepidation with giving cloud-based sites like Facebook or Flickr data such as photos or videos is that those sites assume some ownership of that content.

For corporate entities, though, data ownership is something that is hashed out at the beginning of any cloud-based strategy, says Eric Abbot, an online solution specialist at Microsoft. And all that important data remains owned solely by the businesses.

Part of that, too, is the ability for firms to take the data stored to another company if desired, Abbot said, which is also part of the agreements hashed out at the outset.

But putting your company’s data in the cloud still may carry some risks, Beecher says.

Even if a company retains ownership rights to its data, storing it elsewhere may open up the hosting company to some disclosure through official requests such as subpoenas or Freedom of Information Act requests.

“It might not be an ownership problem,” he says. “But can people get to it when they might not have been able to get to it if it wasn’t in the cloud?

Is data stored in the cloud safe?

Private cloud services, like those offered by Microsoft, include high levels of security.

Data centers are kept current with international standards on security and data back-ups, Microsoft says.

If a company has to keep sensitive information such as financial or medical records, a hybrid solution can be worked out to keep some data secure in-house while still leveraging the power of the cloud on other tasks, Abbot says.

“We aren’t saying that the cloud is right for everybody,” he says.

And moving data from in-house servers to the cloud can actually improve security, Alvarez says, as many security breaches come from a company’s own employees with the theft of things like trade secrets.

“There’s really no difference anymore between whether you have it on-premise or in the cloud,” Alvarez says. “You still run the same risks.”

Source

Cloud Computing: Four Favorite Flavors, Explained

1 Reply

Cloud computing is famous for being a metaphor instead of a technology, but that metaphor is increasingly hard for non-techies to understand. Many variations of cloud have emerged that have little to do with the initial vision that sparked interest— a public cloud with burst-up capability on demand.

“Public cloud is not what most of our clients are talking about right now,” according to Chris Wolf, analyst for Gartner Group’s Burton Group consultancy. “Pretty much everything’s hybrid.”

Public cloud (pay-for-play) services such as Amazon’s EC2 and Microsoft’s (MSFT) Azure were the proof-of-concept for cloud technology. Rather than shift the majority of their own IT to professionally maintained shared-resource services such as those, however, most companies are today using cloud to build on their internal virtual infrastructures, analysts say.

The greatest benefit of cloud is its ability to connect otherwise incompatible infrastructures, not just one or two applications at a time, and its ability to let customers dial up more compute power when they need it, says International Data Corp. analyst Ian Song. Nevertheless, IDC’s market surveys predict that spending on cloud will rise from $17 billion in 2009 to $44 billion in 2013.

“It’s not real clear in most people’s minds what virtualization or cloud will get them,” according to Roger Johnson, who evangelized both in his previous job as a senior IT manager at audio-systems reseller Crutchfield Corp., and does so now as a senior systems engineer at Richmond, Va.-based integrator SyCom Technologies.

“Most people seem like they’re interested in cloud but they don’t want to touch it until there’s more adoption and a better track record,” says Johnson.

Most companies take a roll-your-own approach to cloud, adding cloudlike interfaces to existing systems, building new systems on virtualized, highly interoperable systems, or hiring co-location, server hosting or online services to meet specific needs or east particular points of pain, Wolf says.

There is no single model for how best to mix all the various cloud service permutations, but a few consistent models have emerged:

1. Internal Clouds

In what’s turning out to be the most common form of cloud computing (and convenient for virtual-server vendor VMware, (VMW)) internal, private clouds allow a company to weave layers of virtualization and management software around existing infrastructure to tie servers, storage, networks, data and applications. The goal: Once they’re interconnected and virtualized, IT can shift storage, compute power or other resources invisibly from one place to another to give all the end-user divisions all the resources they need at any time, but no more than that.

What’s the difference between a highly virtualized environment and an internal cloud? VMware says an internal cloud should also have a high degree of management automation and offer chargeback capabilities for business units. Private clouds should make managing both information and technology easier, but will blow apart the silos into which most IT organizations have been built over decades, Wolf says. “Right now the server people talk to the server people, not networks or support or anything else,” he says. “If everything’s virtualized, everything’s on ever box, so your job can’t be defined according to where the box you’re responsible for sits.”

2. External Cloud Hosting

External cloud—any IT service maintained by an external service provider and accessed through the Internet—is the best source for both cost-effective IT extensibility and of insecurity, mistrust, confusion and the potential for disaster. Among the best known U.S. providers of external cloud services are Rackspace, Terramark, Equinix (EQIX), AT&T and IBM (IBM). The big worry: In a recent Portio Research survey, 68 percent of respondents say worries about security are holding them back from cloud projects; 58 percent say performance is also a drawback.

“In the public cloud a lot of the fear factor is that your data is sitting on someone else’s infrastructure,” says Vince DiMemmo, general manager of cloud and IT services at data-center hosting and services company Equinix. “When you hire someone else your expectations for security are much higher, so most customers aren’t comparing what a service provider offers compared to what they do in their own systems. They tend to be nervous about cloud, too, not for [co-location] and server-hosting that they’ve been doing for a long time.”

There’s not a lot of difference betweeen co-location or hosting and cloud services in the platform-as-a-service market, which means any IT organization with external providers has already done most of the vetting needed for a cloud provider, says Jim Levesque, systems programmer and supervisor of the cloud-based disaster-recovery and backup system built by the Los Angeles Department of Water and Power for its 600-server business-application network.

“You check the security, make sure about their finances so they’re not going to disappear right away, talk to their references and make sure they’ve got good provisioning on the things that are important— plenty of I/O and network access, redundant connections and power supplies, emergency plans, all that stuff,” Levesque says.

But many customers are also worried they’ll get locked in to a single service company if the APIs, systems and interfaces their cloud provider uses don’t allow them to pick up an move back to internal servers or to a different provider’s infrastructure, according to Karl MacDonald, chief evangelist for cloud service provider Cloud.com.

3. Hybrid or Modular Approach

It’s pretty clear that the near future of IT is the hybrid cloud model, Wolf says. Hybrid cloud computing can include a mix on internal clouds, external cloud services and traditional SaaS options. The mix of pieces that hybrid should include for a specific business will end up being as unique as the IT organizations that provide it, he says.

Some small- and mid-sized companies face the same dilemma as that guy who insists he can wear the same jeans he did in high school, despite their 32-inch waist and his 42-inch belly. The CEO keeps cinching the budget a little tighter every quarter.

Smaller-scale workspace on demand services can fit the bill here. Originally conceived for applications such as on-demand test and development environments (where the need for 100 virtual workstations on which to test a software distribution script wouldn’t be unusual) workspace on demand companies such as CloudShare, Soonr or Microsoft Azure offer mini versions of the macro cloud.

Rather than buy large-scale services with a lot of configuration and management from Amazon or other hosting companies, it makes sense to have a service you can use to get IT-on-demand for workgroups rather than enterprises, according to Steve Peltzman, CIO of New York’s Museum of Modern Art.

“We, like a lot of companies, have only one set of staging servers for anything, and you don’t want to add a feature because you don’t want to mess with the staging, so you have to put that off,” Peltzman says. “There are lots of needs, strategic or tactical, we have to meet during the day without having a rack of servers to pull out to do it. We look at where it makes sense to outsource  SaaS providers, SalesForce, outsourcing email to Gmail, Amazon or Cloudshare for platform. Sometimes I don’t know what we’re going to use a specific service or function for, but I know we’re going to need it. That’s what I’m looking to the cloud for.”

4. Traditional SaaS

For those looking for an even smaller slice of additional functionality or capacity, plain-jane SaaS may be the way to go. The quickest way to get into “cloud computing” is to sign up for free email at Yahoo (YHOO) or Google (GOOG), or for productivity apps from Zoho, 37Signals or a host of other services aimed at businesses or individuals.

Google’s corporate email is popular among small companies that put managing their own Exchange servers somewhere down below housekeeping and maintenance. Productivity apps are available online from Microsoft, Zoho and others who’d rather not pay for bulk upgrades of feature-heavy desktop applications.

Companies that don’t even want to have to maintain Windows can go to Desktone, ThinkGrid and a few other VDI-on-demand providers.

Source

How To Get Started With Cloud Computing

1 Reply

1. Get smart

Before making a move into the cloud, get educated on the principles and definitions of cloud computing, advises Johan Goossens, head of NATO’s Allied Command Transformation’s (ACT) Technology & Human Factors Branch in Norfolk, Va.

“We started in the summer of 2010 with educational efforts. We got ourselves smart on the terminology, sitting down with vendor partners,” he says.

2. Know your apps

“Before we got started with the cloud, we made sure that we had a good grasp of our application inventory,” says Pedro Villalba, CTO at EmblemHealth, a health insurance provider in New York.

“We identified which applications are driving the business, and then determined which ones need standalone environments. We found a lot of applications, because of the way they’ve been built, don’t lend themselves to be used in a cloud strategy unless they’re completely reengineered,” he adds.

Once he had wrapped up the application inventory, Villalba says he had a clear understanding of what applications would work well in a virtualized cloud environment.

3. Put together a sample business case

“Cloud is not magic. It’s not a silver bullet or a panacea. It’s an implementation of technology with certain advantages and characteristics,” says Mark White, CTO for Deloitte Consulting’s technology practice. “Like in any implementation, particularly when you’re trialing activities, we recommend CIOs do a business case as a first experience.”

The good news is, the public cloud lends itself to “sticking a toe in the water and doing a first department, geography or use case, as in a first workload to move to the cloud,” White adds.

Take into account factors such as the characteristics of cost, the expected return on investment categories and hurdle levels, SLA and performance expectations, service characteristics – what is this doing for me and how – and measure those after the fact.

David Linthicum, CTO at Blue Mountain Labs, a cloud consulting firm, and cloud computing blogger at InfoWorld, a Network World sister publication, agrees. “Most of my clients have prototypes going on and that’s what I recommend they do,” he says.

“If someone comes to me and says, ‘We want to look at infrastructure as a service to solve our storage needs,’ I say, ‘Well that’s great, but let’s first understand what that is from an academic perspective and then let’s look at the business case,’” he says.

“That’s the best way to understand the capabilities of the cloud and how it works in context of your system,” Linthicum adds. “You might spend maybe a couple hundred thousand dollars in time and effort in doing this, but you’ll get something that can end up saving you millions of dollars if you pick the right solution.”

4. Keep expectations in check

If you’re going to set up a private cloud, you want to make it as simple to use as Amazon’s Elastic Compute Cloud (EC2). “Go ahead and empower users with self-service and the ability to deploy an application in 15 minutes, but do those things while setting the right expectations,” says James Staten, vice president and principal analyst with Forrester Research.

For example, IT must make four caveats crystal clear to application developers: Some workloads will be restricted from running in the private cloud; the SLAs for the cloud are more similar to what a user would get from Amazon than the corporate data center – meaning, they shouldn’t expect to call IT at two in the morning if a private cloud app falls over; they must commit to an expiration date for the workload; and running that workload in the private cloud will cost your department, and here’s how much.

“Once all that is clear, then at a lot of companies it becomes a matter of, ‘You can deploy in 15 minutes once your request is approved,’ but that doesn’t mean by IT, because you want to get out of the way. That approval might come from an enterprise architect, the application development manager or the like,” he says.

If your private cloud looks and feels too much like EC2, developers will play there and in a big way, Staten cautions. “That could exacerbate virtual machine sprawl – if you don’t create an appropriate cost model, for example, that’s like giving them EC2 without a bill and in that case they’ll never have any reason to leave. You’ll have virtual machines coming in but never going away.”

5. Chose a fast path to private cloud

In other words, buy a cloud-in-a-box product, Staten says. “This makes so much sense because of the urgency and priority around the cloud right now.”

Cloud-in-a-box products come in two variants, he explains. You can get a software cloud in a box, and then provide the specified hardware and infrastructure below that. That’ll cost IT in the $10,000 to $50,000 range, depending on cloud size. “We recommend IT starts with as small a cloud as possible so it can get its feet wet and learn on a smaller dime,” Staten says.

Getting started with a complete cloud in a physical box will run IT roughly $150,000, Staten says. “With a complete cloud in a box, you should be able to support most of what the developers would want to put in a cloud anyways.”

Source