In October of 2009 I was interviewed by GovIT Journal and in that article I presented my view that Cloud Computing is highly dependent upon the network. The actual quote given was, “Which just goes to show, the telco providers still hold all this stuff by the balls!” More than ever, based on my work over the past four months as Merlin International’s Chief Architect, I still believe this is a critical and pertinent factor regardless of your Cloud Computing architecture.
Indeed, I have relished these past few months because they have presented me with the opportunity to delve deep into the muscle tissue of Cloud Computing. One of Merlin’s key areas of success has been in providing networking and data center hardware and software. While many architects can talk a good game about Cloud Computing, few have actually walked the stack top to bottom and touched the underbelly of the beast. Shoot, I even became a Riverbed Certified Solution Professional (Riverbed being a wickedly-cool WAN optimization product) and am now focusing on Network Appliance certifications next. Understanding these “organs” of the Cloud truly provides unmatched insight into what is achievable and what is hype.
Meanwhile, I’ve been deep in the muck gaining real insight into what Federal government customers are dealing with in trying to provide agile infrastructures to support the growing and changing needs of their user base. It’s real easy for pundits to step up and present a vision for Cloud Computing as a configurable resource that’s capable of meeting all needs, but I really believe that is a misnomer. In fact, more than ever I believe that we need to specialize Clouds to support a specific purpose. For example, I advocate that users need separate Cloud Computing infrastructures to support their full-motion video needs and their back office applications, and that these should not live on the same Cloud infrastructure, especially if utilizing multicast video capabilities.
Vendors spewing forth mumbo-jumbo about creating a group of virtual machines and deploying them in an automated fashion seem to be heavily focused on new and simplistic database and business applications. Anyone doing heavy lifting on their network, dealing with saturated WAN egress points and leveraging legacy applications knows that this is a pipe dream designed for the R&D lab. Putting together a Cloud Computing architecture requires a solid Enterprise Architecture effort in which the AS-IS and TO-BE architectures are fully understood and documented, and there is a roadmap that describes how to move from one to the other, inclusive of details such as security, auditing, monitoring, utilization, tuning, etc.
Oh, and let’s talk about security. I’m going to be putting forth an entire blog entry shortly on the real issues with defending against cyber threats, but, needless to say, building out a Cloud Computing solution before you even implement a single sign-on solution and identity management program is a recipe for redundancy and increased overhead at a minimum and a breach in the worst case.
In this article, Hord Tipton, executive director of (ISC)2, the International Information Systems Security Certification Consortium, and ex-CIO of the Interior Department and Bureau of Land Management, makes an important point that security must be baked in from the start. I couldn’t agree more. Putting a few Intrusion Prevention Systems (IPS) or Data Loss Prevention (DLP) tools at the egress/ingress points cannot stop one of the biggest security flaws we have because it is designed into the core of the applications that manage and control the data. The move to the Cloud only exacerbates these problems. However, I will admit the move to Cloud offers a tremendous opportunity to deliver security as a service and then port the applications to the new architecture to minimize the risk of potential breaches.
One thing is for sure: this Cloud puzzle is large and offers a great opportunity for efficiencies. However, we need to be pragmatic in our approach or we risk exacerbating current problems instead of solving them.
2 thoughts on “Cloud Computing Pragmatics”
It was good to read an article pointing out a vision of cloud computing that reflects my own (and that of my company’s). Users need to be given true flexibility and control if the cloud is to extend to a wider audience and to capture more of the enterprise space in particular.
Currently what is known as IaaS is actually a hybrid of IaaS/PaaS because of the many restrictions these vendors impose on their product. It is no surprise that the top issues that cloud computing faces are concerns regarding security and control! Openness and flexibility at the IaaS layer is critical as this shapes the nature of PaaS and SaaS which both will rely on IaaS moving forward.
Users need to be able to craft tailored virtual infrastructure solutions that specifically meet their needs, not change the way they do their computing to meet some arbitrary architecture imposed by the cloud vendor. That means flexibility and openness in a number of facets:
– a user defined software layer where users can install and use any OS and software they desire
– user controlled networking allowing true security and user defined solutions (such as VPNs, VLANs etc.) which they control
– transparent per resource pricing achieving price transparency for users
– unbundled resources allowing purchasing that actually meets users’ needs, increasing efficiency of purchasing
Open and flexible platforms are by their nature less proprietary. This has a powerful secondary effect. Users of such IaaS offerings don’t suffer the same level of vendor lock-in as those using platforms that are very proprietary. This form of lock-in is far more powerful than re-coding for a different API for example and much less well understood.
In summary I believe many of the problems and concerns that cloud computing and IaaS face today are soluble and vendor driven. Turning the restrictive IaaS/PaaS hybrid clouds of today into pure IaaS clouds along utility computing lines can deliver the sort of performance, control and security that users are crying out for today.
Couldn’t agree more – which is why I get frustrated at industry analysts still using phrases like “in the cloud”. This really doesn’t help in understanding and communicating the AS-IS and TO-BE issue. William Vambenepe’s blog discussed the “backward-compatible” and “forward-compatible” cloud as another way to think about this puzzle. I’ve used it a few times and it does seem to help…