Beruflich Dokumente
Kultur Dokumente
FEBRUARY 2012
Cloud Computing
Deep Dive
i Deep Dive Articles
STATE OF THE CLOUD Shaking up the data center . . . . . . . . . . . . . . . .2 n Sidebar: 5 key trends in cloud computings future . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3 n Sidebar: The case for public-first cloud computing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4 IT jobs: Winners and losers . . . . . . . . . . . . . . . .5 CLOUD DEVELOPMENT How the cloud influences app dev . . . . . . . . . . .9 9 must-knows before developing . . . . . . . . . . 10 n Sidebar: What cloud providers should learn from Amazon Web Services . . . . . . . . . . . . 13 CLOUD STANDARDS No . 2 Rackspace tries harder . . . . . . . . . . . . . . 14 LAST WORD THE The cloud makes users of us all . . . . . . . . . . . . 19
i Cloud Computing
i N T RO D U C T i O N
Special Report 2
GOiNG PUbLiC
During a recent visit to InfoWorld, Kerry Bailey, president of Terremark (now chief marketing officer for Verizon Enterprise Solutions), was exceptionally bullish in his predictions for public cloud growth. Acquired earlier this year by Verizon, Terremark operates a public cloud IaaS play thats 100-percent VMware the enterprise virtualization vendor of choice. Bailey says Terremark has seen 178 percent growth in its cloud business from 2010 to 2011, with current revenues in the hundreds of millions. He also says that the No. 1 objection to the public cloud, security, has been replaced by performance which Terremark has addressed with proximity. According to Bailey, Terremark now has a physical presence in all the NFL cities in the United States. And
INFOWORLD.COM DEEP DIVE SERIES
i Cloud Computing
to new levels of efficiency and agility. So-called private cloud software addresses that need with many moving parts, including virtualization management, metering and chargeback systems, automated configuration, identity management, self-service provisioning, application management, and more. Though far from complete, the OpenStack private cloud solution is compelling in part because it follows a Linuxlike open source model. Today, under an Apache license, the OpenStack kernel has three components: Compute (for managing large networks of virtual machines), Object Storage (for massive storage clusters), and Image Service (for managing virtual disk images). Around that kernel as with Linux distros vendors add value. Between its debut in October 2010 and today, OpenStack has already undergone four revisions. The fifth, codenamed Essex and scheduled for release in spring 2012, will include two new components: Identity, for authentication and authorization, and Dashboard, a UI for managing OpenStack services. But OpenStack is hardly the only game in town. Its bestknown competitor is Eucalyptus, a private cloud implementation of Amazon Web Services that enables you to move workloads back and forth between Amazon EC2 and Eucalyptus (which also comes in an open source version). Then theres Puppet, a wildly popular configuration
Special Report 3
management framework designed to automate almost any repeatable task in the data center. Puppet can create fresh installs and monitor existing nodes; push out system images, as well as update and reconfigure them; and restart your services all unattended. If youre willing to pay the licensing fees, you can even build an all-VMware private cloud. Virtualization is the underpinning of the private cloud and VMware still offers the most advanced virtualization management tools. In October 2011, VMware announced three new suites to simplify and automate IT management, including vCenter Operations Management Suite (an update of vCenter Operations for monitoring infrastructure and managing configuration), vFabric Application Management Suite (mainly devops tools), and IT Business Management Suite (to report on operating expenses, services levels, and so on).
First, the buzzwords cloud computing are enmeshed in computing . Im not sure I ever liked the term, though Ive built my career around it for the last 10 years . The concept predated the rise of the phrase, and the concept will outlive the buzzwords . Cloud computing will become just computing at some point, but it will still be around as an approach to computing . Second, were beginning to focus on fit and function, and not the hype . However, I still see many square cloud pegs going into round enterprise holes . Why? The hype drives the movement to cloud computing, but there is little thought as to the actual fit of the technology . Thus, there is diminished business value and even a failed project or two . Well find the right fit for this stuff in a few years . We just need to learn from our failures and become better at using clouds . Third, security will move to centralized trust . This means well learn to manage identities within enterprises and within clouds . From there well create places on the Internet where well be able to validate identities, like the DMV validates your license . There will be so many clouds that well have to deal with the need for a single sign-on, and identity-based security will become a requirement . Fourth, centralized data will become a key strategic advantage . Well get good at creating huge databases in the sky that aggregate valuable information that anybody can use through a publicly accessible API, such as stock market behavior over decades or clinical outcome data to provide better patient care . These databases will use big data technology such as Hadoop, and they will reach sizes once unheard of . Fifth, mobile devices will become more powerful and thinner . Thats a no-brainer . With the continued rise of mobile computing and the reliance on clouds to support mobile applications, mobile devices will have more capabilities, but the data will live in the cloud . Apples iCloud is just one example . Thats the top five . Give them at least three years to play out . David Linthicum
J A N U A R Y 2 012
i Cloud Computing
simplicity seems paved with even more complexity. The irony is if you choose to relocate your data center to the public cloud, that complexity will not magically disappear. IaaS is still infrastructure. You wont need to pay for hardware up front, and you wont need to employ people to stand up boxes or reroute cables, but your own IT people will still need to watch the meters and turn the dials remotely. Very likely, theyll need cloud-specific skills on top of the usual skills required to run a data center. Ultimately, ITs mission is to deliver applications either bought or built for the business. In the long run, the cloud that really simplifies IT will largely be composed of SaaS and PaaS (platform as a service). Slowly, haltingly, Microsoft is moving in that direction with Office 365 and Azure. Salesforce lives there and its newly acquired PaaS play Heroku now goes beyond Ruby to support Node.js, Java, and Python. And of course, theres Google Apps and Google App Engine. Those are just a few big names amid hundreds of SaaS and PaaS players. But its still too early for any but the smallest startup to consider going without local infrastructure at all. Instead, were entering a long hybrid cloud period, with a chunk of public cloud infrastructure over here, some SaaS
Special Report 4
apps over there, and a local data center that through Herculean efforts to overcome complexity will be somewhat easier to manage thanks to private cloud software. All that will need to be integrated together. Gaurav Dhillon, CEO of cloud integration startup SnapLogic, wants to supply that connective tissue between cloud services and on-premise applications as do several other public cloud integration services, including Boomi, acquired by Dell a little over a year ago. Dhillon recently told me 2012 is the year the enterprise cloud ... the first time enterprises use the public cloud in a big way. Maybe so, although it will still be a small slice of the enterprise IT spend. I have little doubt the cloud will triumph in the end the economies of scale are just too compelling. But were at the beginning of a very long ascent skyward, with many convoluted twists and turns along the way.
Eric Knorr is the editor in chief of InfoWorld
Private clouds are very much like traditional computing: You have to purchase your own hardware and software, configure all elements, and pay employees to watch over it as they would a data center or any other IT infrastructure . Thus, the core benefit of cloud computing shared resources can be lost when creating and maintaining a private cloud . Considering the relative costs and benefits of a private cloud, many enterprises start with public clouds instead . The reasons are obvious: You can be up and running in a short amount of time, you pay for only the resources you consume, and you dont have to push yet another server into the data center . Good initial uses of the public cloud include prototyping noncritical applications on a PaaS cloud or providing simple storage via IaaS . A significant benefit is that you get real cloud computing experience, not more data center exercises under a new name . From there, you can take the lessons learned to get better usage of more public clouds, to deploy a private cloud that leverages cloud principles, and/or to take strong advantage of a mix of public and private clouds (a hybrid cloud) . Ironically, starting with the public cloud removes much of the risk of moving to the cloud; youre not making the large capital and labor investments and nervously awaiting the expected benefit . The costs of using the public cloud are low, and the payoff (especially the learning aspect) is high . Of course, many Global 2000 enterprises are still wary about using public clouds . Negative perceptions regarding cloud security, performance, and reliability can be daunting obstacles, but those fears are quickly overcome when you take into account the real costs and the real value private clouds versus public clouds . The latter wins every time as long as youre willing to share . David Linthicum
J A N U A R Y 2 012
i Cloud Computing
S TAT E O F T H E C LO U D
Special Report 5
J A N U A R Y 2 012
i Cloud Computing
Special Report 6
abstraction there is just as much of a need to manage the WiNNERS: SySTEM ADMiNiSTRATORS details of resource management and performance as with Other than architects, the jobs undergoing the greatest physical servers, he says. Instead of only having to deal change as cloud encompasses the data center are those with the number of variables you might involving hands-on system adminisSUBSCRIBE TODAY have within one server farm or data centration. ter or smaller set of servers, in a cloud- Keep up to date on the Architects may design and tune based infrastructure you can allocate latest mobile news with cloud infrastructures, but system resources like memory or CPU cycles or administrators do the detailed work the InfoWorld Cloud bandwidth or I/O across the whole orgaof spreading workloads across servnization. Thats a far more complicated Computing newsletter. ers, virtual servers, and data centers, picture. assigning CPU cycles, memory, storDelivered straight to Within a cloud infrastructure, the relaage, and other resources as needed your inbox each week. tionships among applications, networks, to keep performance high. and servers are far more complex than If you dont change job descripDont miss a beat, traditional infrastructures because there tions so sys admins arent restricted are so many additional connections, says wherever you happen to one silo because the applicato be. Sign up now! Rachel Dines, an infrastructure and operations and VMs in an internal cloud tions analyst at Forrester Research. That arent restricted, either youre letmeans architects are essential. ting the potential gain in efficiency Despite the abstract notions that people typically associfor IT people go to waste, says Forrester analyst Dines. ate to architects, the reality is that much of the job focuses You cant get the most out of a cloud infrastructure if your on the critical details than enable everything to work well. admins are still suck in older ways of doing things. For example, people tend not to think of performance At VMware, for example, Egan thought it made more tuning in cloud or virtualized systems, says Patrick Kuo, an sense to distribute IT staffers to individual business units independent consultant who has helped build Web and viraccording to the amount of IT resources used by that unit. tual-server infrastructures at Dow Jones, the U.S. Supreme Rather than working in the data center and being responCourt, and the Defense Information Services Agency. sible for supporting a business unit, theyre located in and He advises that you start with the right servers and proresponsible to IT managers within that business unit feelcessors make sure each has enough power, memory, and ing and being treated as a part of the business-unit team cache, and that network connections are reliable and fast rather than as support from outside the department, Egan then split major functions and distribute each across the says. infrastructure to help avoid bottlenecks from weak links in But cutting the absolute connection between system the computing chain, or concentrations of too many workadministration and physical hardware doesnt eliminate loads in one place, Kuo says. the need to maintain the hardware, consultant Olds notes. Weve been able to get better performance in many case You have to have people handling the hardware itself or with a four-tier architecture instead of your typical threethe networks, but a lot of the things we used to do have tier, putting a layer of caching in the front, then the apps gone away, Olds says. You dont usually have someone servers holding most of the logic, then the Web servers and sitting and rebuilding a server for hours or days. If a server a replicated database backing them up. Its all n-tier applicagoes bad, you pull the card out of the chassis, throw it away tion design, but it has to be done differently in virtualized and slot in another. Or you close out the VM and provision environments like cloud services or you get bottlenecks in another. Then you go on to the next thing. Its a far higher places you wouldnt think would cause problems, Kuo level of efficiency. says.
i Cloud Computing
to make major changes to their responsibilities and daily routines under cloud infrastructures and for the same reasons that apply to sys admins, consultant Cramm says: If all the system administrators are responsible for processes running in portions of the cloud distributed throughout the company, it makes no sense to have their direct supervisors locked in the old silos. IT gains from loosening organizational structures so that people are assigned to support specific business functions or business units, rather than to a specific server, says James Staten, a cloud computing and infrastructure analyst at Forrester Research. Most companies moving into cloud or virtual computing for the first time dont appreciate how restrictive organizational silos can be in slowing or stopping a migration, even if the only problem is the need to continually make ad hoc decisions about who is responsible for which workloads or Web services, he adds. The result of the cloud for IT supervisors is a role similar to the one they have today but in a far larger environment one that could encompass the whole enterprise rather than just one facility.
Special Report 7
J A N U A R Y 2 012
i Cloud Computing
you choose can supply. In some ways thats actually better because you learn more about standardizing on efficient processes rather than customizing everything. Consultant Cramm expects the demand for developers to remain strong in a cloud-oriented enterprise its just that less of the development will be done internally and more by outsiders. If you can get what you need externally, in terms of enterprise applications, why build it yourself? she asks. Someone still has to do that programming; its just not you.
Special Report 8
seeing is that companies are willing to hire those [specialized] skills from outside on a temporary basis. So you end up with IT being populated much more by IT generalists, but theyre generalists with a lot higher level of skills than before. Thats good internally because youre hiring experienced people, but it makes getting that first job or two harder for people right out of school or who are very early in their careers. Theres a higher barrier of skills to climb.
J A N U A R Y 2 012
i Cloud Computing
C LO U D D E V E LO PM E N T
Special Report 9
J A N U A R Y 2 012
i Cloud Computing
C LO U D D E V E LO PM E N T
Special Report 10
CLOUD DEVELOPMENT GOTCHA 1: THE CLOUD DOESNT ALWAyS WORk LikE THE REAL WORLD
Developers might find that the configuration they use in production is hard to replicate on cloud services. For example, with an application you develop in the cloud before bringing back to run locally, you might need to test against a legacy system that you cant simply copy onto a
INFOWORLD.COM DEEP DIVE SERIES
i Cloud Computing
ment tools if I had not planned carefully. To avoid that ongoing round-tripping, Taylor had to change his database development approach: By developing a clear ERD [entity relationship diagram] with all needed fields first, my Web app is efficient and my overall development time is greatly reduced. In some cases, cloud development tools do work like the real world at least, of yesterdays version of the real world. Jeff Hensley, HRIS senior analyst at DaVita, a health care firm specializing in kidney dialysis, was surprised that developers working in the cloud needed to use commandline tools, XML, and SQL, which reminded me of the old DOS days. He expects that old-school approach to change over time as adoption increases. DaVita is using both cloud-based application delivery platforms and hosted servers to develop and deliver human resources data warehouse and business intelligence applications.
Special Report 11
CLOUD DEVELOPMENT GOTCHA 2: SOME APPS ARENT iDEAL FOR DEVELOPMENT iN THE CLOUD
The more hard-to-access or hard-to-replicate systems an application integrates with, the more difficult it is to develop and test it on cloud computing resources, Knipp says. For example, Dan Stueck, vice president of IT for Faith Educational Ministries, avoids developing high-end applications in the cloud that have extreme data security or regulatory restrictions, or rely on legacy coding projects, such as those in Cobol. Those two are probably best kept in house, he says, the first due to the obvious security concerns, and the second because of the dead language issue. Where Stueck has used the cloud is to run a development server on Amazon.coms public cloud service and to build a student information system, student transcript archive, and home schoolbook selling application in the cloud.
from Salesforce.com to build a custom application that allows outsourced reps to enter sales data into 20/20s order-to-invoice-to-payroll tool. The thing that was probably most unexpected was how well the entire [cloud development] project was received by the management and sales teams and everyone who uses the system, [and] how poorly it was received by the IT organization and in particular developers, says Mark Warren, chief architect at 20/20. The IT people were accustomed to working with Microsoft .Net, SQL Server, Java, and other traditional development platforms, Warren says, and Force.com was a completely different model. If you know SQL and Java, thats your toolbox, and youre not going to want to go to this completely alien platform thats coming in, Warren says. As a result, the sales application was developed primarily by business staff, not by IT developers. That brought its own set of challenges, Warren says, the biggest of which was a lack of understanding among the businesspeople about change management and IT governance. IT has a level of discipline that businesspeople are not used to having enforced on them, Warren says. We had to bring them up to speed on change management issues. As for addressing the reluctance of technology people to develop in a cloud environment, there are programs IT can implement to help adopt cloud computing internally, Warren says. Training is certainly a good method to facilitate, he says. However, unless the culture of IT is open to new methods and technologies, organizational change [getting new developers] may be the only option.
CLOUD DEVELOPMENT GOTCHA 3: DEVELOPERS OFTEN DiSLikE THE UNFAMiLiAR CLOUD TERRiTORy
Cloud computing is still relatively new to a lot of organizations, and it can be a disruptive technology, including in the development arena. 20/20 Cos., a provider of outsourced sales services, used the Force.com cloud platform
INFOWORLD.COM DEEP DIVE SERIES
J A N U A R Y 2 012
i Cloud Computing
CLOUD DEVELOPMENT GOTCHA 5: NETWORk iSSUES CAN bEDEViL PRiVATE CLOUD ENViRONMENTS
Developing in the cloud sometimes means developing in your own private cloud, which may not have the multitenancy and load-movement capabilities that keep your applications available 24/7. In a private cloud environment, one of the challenges is to design for and anticipate scheduled and unscheduled maintenance of the servers, and how to fail over gracefully, says David Intersimone, vice president of developer relations at Embarcadero Technologies, a provider of database management tools. Embarcadero is using its virtualized data center for application building and testing. For internal private clouds, we have a couple of options: choosing the scheduled date/ time, and staging which servers are done in a certain order, Intersimone says. There are automated build and automated smoke test processes that are running all the time in our main private cloud and also in regional development offices. To get a more available environment, Intersimone says hes looking into a cloud container and virtual private network offering from CohesiveFT that can be installed in public and private clouds to provide on-demand scaling, failover, disaster recovery, and disaster readiness. Other issues that can affect development and testing involve network delays and latency and the size of network pipes, especially in certain parts of the world. Embarcadero has research and development centers in Scotts Valley, Calif., Monterey, Calif., Toronto, St. Petersburg, Fla., and Iasi, Romania, plus a sprinkling of smaller teams and individuals throughout the world. Embarcaderos geographically diverse development environment makes it harder to synchronize check-ins, builds, and automated testing, Intersimone says. To solve some of this, developers do local builds and regional builds, as well as on the code check-in, on the virtual servers available to all. Developers also do local builds on their own machines. Embarcadero ensures these dont fall out of sync with the master versions on the private cloud by using Subversion, an open source tool for source code control. When a build occurs, an automated test is run to validate the build, Intersimone says. Then notifications go to all development teams and the build is automatically pulled over a Chinese wall to a large number of automated test
INFOWORLD.COM DEEP DIVE SERIES
Special Report 12
virtual machines at our development centers. Automated and manual tests are done on the resulting build to verify the status, and emails go out to other team members after this process is completed. All of this happens continuously during a projects development lifetime, he says.
CLOUD DEVELOPMENT GOTCHA 6: iTS EASy TO LET THE METER RUN UNNECESSARiLy ON THE CLOUD
Another potential problem is wasting money on cloud fees. Developers can easily forget or neglect to turn off virtual machines they arent using. Ive heard from some clients that let developers go wild with virtual machine resources that sometimes the developers would just leave stuff up and running, say over a weekend, Gartners Knipp says. When it was on an in-house, capitalized server, this was no big deal. But when it is on usage-metered, leased resources as with public cloud computing, this is a waste of money. Knipp says he expects this to become a new challenge for enterprises as they roll out private cloud initiatives. While theres little risk in getting a big, unexpected bill for developer virtual machine usage in a private cloud, in a self-service, private IaaS environment, a developer can spin up VMs and never turn them off, Knipp says. These will effectively eat up resources from machines that are not being effectively utilized and could result in the organization buying too much capacity as planning gets skewed.
CLOUD DEVELOPMENT GOTCHA 7: CLOUD LiCENSES CAN CONTAiN SURPRiSiNG DEPLOyMENT RESTRiCTiONS
Among the nontechnical issues with the cloud that can have an impact on development are licensing restrictions. Two years ago Kelly Services, a national temp agency, decided to use cloud-based development for many of its homegrown applications, with Salesforce.coms Force.com platform acting as the delivery vehicle. Cloud development has brought benefits such as faster turnaround time on app development and lower costs, says Joe Drouin, CIO at Kelly Services. But the company also encountered some unexpected issues with licensing, specifically regarding what types of user seats it had and what limitations they carried. For example, a seat might have a set number of objects a user could access. As a result, at some
J A N U A R Y 2 012
i Cloud Computing
points we were surprised by what we could or couldnt do with development, Drouin says.
Special Report 13
CLOUD DEVELOPMENT GOTCHA 9: THE CLOUDS FAST PACE OF CHANGE CAN bE HARD TO kEEP UP WiTH
IT services provider Avanade uses the Azure cloud plat-
form from its part owner Microsoft, along with Microsoft development tools, to develop and test both internal and client work. The familiarity of the development tools and the speed of the development and test environments have been pluses for the firm, says Graham Astor, director of global solutions at Avanade. But being on a quickly evolving cloud development platform means its necessary to update best practices frequently, he says. Azure is on a two-month release cycle of performance and feature improvements, so Avanade meets monthly with members of the Microsoft product teams to get a heads-up on whats coming. Would others get that kind of access? I have no idea, Knipp says, but it is in Microsofts interest to get as many consulting firms as possible on board with Azure, in order to drive adoption. Despite the learning curve, cloud development is appealing Despite the potential challenges, for many organizations application development in the cloud rather than sticking with traditional methods makes sense, for the same reasons that cloud computing in general makes sense: elasticity of resources and cost, and reduced operational complexity, both of which lead to shorter completion time.
Bob Violino is a freelance writer who covers a variety of technology and business topics. He can be reached at bviolino@optonline.net.
Who wouldve thunk 10 years ago that Amazon .com would have the best cloud plays since Salesforce .com? Amazon .com has succeeded despite some very well-publicized AWS outages that hurt smaller companies . We appear to have short memories around those events: AWS sales did not seem to miss a beat . Its clear that AWS quickly rises to the top in its selections for a few good technical reasons, including well-thought-out and finegrained APIs and services, ease of on-boarding, and best third-party support .The APIs are how applications access the infrastructure services that AWS provides, such as processor, storage, and database . The AWS API sets have a better design than those of their counterparts, providing the best access to primitives, meaning the ability to get pretty close to the metal . The decision to use finegrained services for access to AWS cloud services clearly pandered to developers who like control . Moving onto AWS is a fairly seamless process, and the less friction when you move to a cloud provider, the more business that provider gets . I hope others figure that out, because in many instances, on-boarding clients onto their cloud offerings is a huge pain . Finally, there is third-party support lots of it . Everyone loves and supports AWS, including many new companies that provide IaaS cloud management services that not only support AWS, but run in AWS . You cant get a better validation than that, and I suspect that much of the billion dollars in AWS sales this year will come from partners . AWS is doing many things right, and it continues to be the 800-pound gorilla of IaaS . Perhaps the emerging cloud computing space needs one of those right now . David Linthicum
J A N U A R Y 2 012
i Cloud Computing
C LO U D S TA N DA R DS
Special Report 14
whole different kind of approach than Amazon has. InfoWorld: You wouldnt say there is any significant difference in technology support? Moorman: I think there is. We really want to build our cloud products to look and feel and act like traditional infrastructure. So we have persistent storage, we have static IPs, we are going to use VHDs, not a proprietary standard of disk format. So we are committed to having things look and feel and run very much like traditional infrastructure, which makes it very easy for people to use our cloud products. I think that Amazon has had just a different approach. Its not better or worse, its just different. InfoWorld: So in a nutshell, high availability and disaster recovery is cheaper under your model? Moorman: No, I wouldnt agree with that. InfoWorld: Its more familiar? Moorman: Its simpler. Its more familiar there arent new concepts to learn to use our cloud. We want to eliminate this need to re-architect for the cloud as much as possible, and we want things to work like youre used to them working. InfoWorld:Could you give me a breakdown of applications on your cloud? Moorman: I can give you a general sense. We have a lot of our enterprise customers who are using our cloud for dev and test, and so its a great option for that. But I would say the predominant is public, bursty websites. So if you look at big media companies ... any company ... InfoWorld: E-commerce? Moorman: ... yeah, e-commerce, running promotional websites, public websites, the cloud is just such a better fit for it. Because many times you run promotions or run new initiatives and you have no idea how big theyre going to be. So the ability to be able to sort of fine-tune that over time is something that really makes a big difference for customers. InfoWorld: So you spoke about having your roots in hosting. To me, the lines between hosting and enterpriseclass IaaS have never been crystal clear. You offer both. Talk to me about where you see the real points of differJ A N U A R Y 2 012
i Cloud Computing
entiation. Moorman:We draw a distinction around our cloud products, which are really software-powered infrastructure. And because of that, theyre highly productized. With our cloud servers, you can get small, medium, large we have eight sizes but the components of what is in that server are identical across the board and you cannot change it. So the way the disk is configured, the way the network works, these are all productized options. Same with our storage offerings, our load-balancing options. You can do some configuration, but its within a tight range of things, because its software-powered. Its not something thats done through operations; you have to consume the products as they exist. With physical hosting and our traditional hosting, we can custom-configure servers any way you want them. We can build out a network any way you want it. We can set up storage any way you want it. Theres a lot more ability to customize and tailor; it makes it easier to get security. I think the cloud is extremely secure, but you have to go through more hoops and you have to do more to use this productized service set to get it as secure as youre used to in the physical world. InfoWorld: What about encryption? Moorman: Encryption is not a problem. I mean, you can encrypt across any of these technologies pretty easily. Its more about, how do you deal with a big flat open network in the cloud and how do you secure around where you dont have to do that? In the physical world we set up a private network for you with VLANing capabilities, and so you literally are in an out-of-the-box, very secure environment that is very easy to get set up. In the productized, scalable world, you just have to do other things. It can be extremely secure, theres just more work that has to be done because its in this highly productized model. So thats really the distinction we draw. And our general belief is that everyone should be using the cloud they just shouldnt run everything on it, and they should figure out where its a better fit. And so many, many of our customers will run databases. There are I/O issues in the cloud because of the hypervisor layer, and they dont want those performance hits. So they run their database tier in the physical world and then they run their application in a Web tier cloud in this combination. And we have ways to securely tie this together so its all on one network and works seamlessly. This is a very, very common model.
INFOWORLD.COM DEEP DIVE SERIES
Special Report 15
Theyre using the best of both worlds. InfoWorld: Its interesting listening to you talk about these very well-defined commercial cloud services. I think CIOs are still thinking: private cloud, private cloud, private cloud. The public cloud is either too risky or theyre going to have to cede too much power, like control over availability. These kinds of showstoppers still seem to be in place in larger companies. Are you seeing some movement there? Moorman: I think if you look at the small and medium business world, they are moving to cloud rapidly because theyre not going to run data centers anyway. But if you look at the Fortune 500, where theyre running data centers, I think that actually CIOs believe the cloud is real, but its just not for everything. Theyre going to have their own assets and their own data centers, and they want to make them more agile and more effective and more efficient. And so they want to build cloud-like capabilities inside the firewall, but theyre very interested in having their internal systems talk to their external systems. Were getting just incredible interest around OpenStack, in terms of big Fortune 500 companies wanting to transform their internal data centers and have all their predictable workloads run in-house on their own cloud, but have all the unpredictable (and in many cases new) applications run in cloud environments like ours. So I think youre going to see legacy infrastructure in data centers theyre going to continue to be in-house for some time. But I think that many new applications and much of the unpredictable workloads are going to go in public clouds. And I think the CIOs are more open to it than everyones letting on. I would bet the vast majority of Fortune 500 companies are using either us or Amazon in some sense. It might be very small, but they are experimenting with it, theyre dabbling with it, theyre running some applications. Theyre doing some test dev, and theyre seeing the power of it. InfoWorld: And how much is that going through lines of business and how much does the CIO know about? Moorman: Well, I think youre right. There is a lot of ... so-called rogue IT that is happening out there. But this is a fact of life for CIOs. InfoWorld: But lines of business didnt have this particular option before. Moorman: They did not. But theres no stopping that,
J A N U A R Y 2 012
i Cloud Computing
Special Report 16
and the long tail of applications that exist in a business are provider? going to explode. And IT departments are really built to Moorman: I would say the more likely scenario is that run five core applications that run a company. There are those core applications start to get disassembled. So instead going to be hundreds of applications in businesses that run of having a monolithic ERP system with ten modules, comthose companies, and IT departments are going to have to panies are moving more to service-oriented architecture respond to that. And theres no question in my mind that and are saying, look, we might use Salesforce for CRM, we public services are going to be part of it. might use Service-Now for ticketing. These big monolithic InfoWorld: What are you hearing from CIOs in how stacks are getting disassembled and piece by piece theyre they manage rogue IT with this cloud option? And do going to move to the cloud. you have any recommendation for CIOs InfoWorld: Talk to me about SUBSCRIBE TODAY in how they should look at that? OpenStack. The Holy Grail is the Moorman: I actually think CIOs are Keep up to date on the idea that when you need to you just now getting on top of it. A lot of them latest mobile news with can burst and you can manage know whats happening and theyre trying that external resource as if it were to get their arms around it, but theyre not the InfoWorld Daily of a piece with internal resources. succeeding. I think they need to get pro- newsletter. Would you say OpenStack is part of active. They need to realize that its real that journey? Delivered straight to and its happening and they need to view Moorman: We launched Openthemselves as enablers to allow the com- your inbox mornings Stack about nine months ago, and pany to get that extra productivity thats and afternoons, six days I truly believe its one of the fastcoming from all these applications that are a week. est, most successful open source getting built. projects in history. The amount of InfoWorld: What sort of controls can Dont miss a beat, interest, the amount of corporate a CIO put in place to make sure no one is wherever you happen sponsorship, the amount of enterduplicating effort or creating security probprise interest is just unbelievable. to be. Sign up now! lems, that sort of thing? The idea of an open source projMoorman: I think what they need to ect that allows them to increase the figure out is how do we handle all the agility of their own internal infrarequests around the most sensitive data so structure, but then also have the no one is compelled to put that on cloud service? But othpromise of a cloud that looks and acts and feels and can erwise, let people run. A public promotional website crebe federated in Rackspace, in Internap, in Korea Telecom, ates no corporate risk. If youre going to run a Super Bowl you know, this is a very exciting prospect for companies ad and want to put a complementary website up, theres the ability to go find capacity around the world. Its early really no corporate risk in doing something like that, and days. The code is in good shape, but its got a long way to they should let business units go get that done and not go to be out-of-the-box turnkey for people and really simple wait in a big long queue with the IT department to make to get going, but its getting there. that happen. InfoWorld: Give me a quick sort of technical overview, But what they should say is if you want to do somehigh-level technical overview of OpenStack. thing with critical data, we will be very responsive to you Moorman: OpenStack has really three core compoand we will help you get that done in a way that makes nents out of the gate. It has a compute orchestration layer, sense. So people arent compelled to do it with the most so the ability to sort of provision virtual machines, turn them critical data. So theyve got to start thinking about being a off and on, move them, back them up, all those kinds of service provider. things. It has an object storage system similar to our cloud InfoWorld: What about applications that may be more files. And then it has an image service called Glance, core to the business, but they want to use a public cloud which allows you to manage your images and use them to
INFOWORLD.COM DEEP DIVE SERIES J A N U A R Y 2 012
i Cloud Computing
sort of control workloads. So those are the three core components, which form the core of any cloud: the workload management, the compute, and the storage. Lots of new projects are emerging around it, including our load balancing service that weve donated. We have a block storage effort thats ongoing. We have a database service that were sort of working on. So a lot of these things will start to show up in the code as well, but the core elements are there to really run a cloud. And today we run the object storage and we are in the process of moving to the compute. The compute is really the next generation of our cloud, and we collaborated with NASA on that code. So we are in the process of moving to that code because its a whole new code base. We were going to re-factor our core code base anyway and now were doing it in the open and we have an active project. We really believe that this year will be completely on the OpenStack code. InfoWorld: And doesnt this require close collaboration with virtualization software providers? Moorman: OpenStack supports gosh, I dont know, were up to five hypervisors five or six, so Hyper-V, Xen, KVM, ESX, VMware, Oracles virtualization. So you can run multiple virtualizations. We are a Xen server shop in terms of running our cloud, and for the time being were pretty committed to that. But the truth of the matter is it is meant to be hypervisor-agnostic, platform-agnostic. So over time, if it makes sense for us to use VMware or use Hyper-V, well have an option to do that. And certainly companies that want to run these technologies in-house can choose their hypervisor. Were getting great support from those players, and Microsoft has contributed to the project, Citrix is a major contributor to the project. These are open platforms that have open APIs that you can interact with. So OpenStack is meant to work well with all of them. InfoWorld: Do you think the distinction between IaaS and PaaS (platform as a service) is blurring? Right now its kind of hard to argue that Amazon is just IaaS, since theyve incorporated so many extra services in there. Moorman: I think its absolutely blurring and I think its going to continue to blur. So our load balancing service is out, our database service is coming, so these raw components are going to be there in every major cloud. And then, when you put orchestration around it, you really have platform as a service on the fly. And I think that is a model
INFOWORLD.COM DEEP DIVE SERIES
Special Report 17
that we believe in. I think the integrated platforms, like Heroku and others have a place, and we love those guys and we hope they build on top of us. InfoWorld: By a place, you mean theyre for experimenting and youre for the real deal? Moorman: Well, heres the difficulty. I think the magic platform is whats very appealing to people. But these integrated platforms constrict you to using their stack in the end. And I think what ends up happening is we have a number of customers who have started on Heroku and have sort of moved over to a model where they can tweak it, adjust things, and get exactly the version of Rails they want and sort of add these modules. So the magic comes at a cost, which is its a very prescribed stack, end to end, and I think that ends up causing issues. Whereas if you have an orchestration system, where you rope in this new technology, rope in that new technology, and make it all work seamlessly, that ends up providing a lot of flexibility. And I think thats a model that is very appealing. But let me tell you something: I think Heroku and PHP Fog and some of these guys have done some really brilliant things and I think its something to keep an eye on, and something that were certainly watching closely. We want them to partner with us and build on top of us. InfoWorld:What other development environments might you host? Moorman: Were going to keep our options open. We want to make it easy to host all those applications. And once we have this full complement of platform services, like database and load balancing, its going to make these platforms easier to host. There are people who are getting Cloud Foundry up and running on our cloud and making it happen, so were going to learn a lot over the next couple months. Were talking to Microsoft theyre eager to get Azure running with their partners. InfoWorld: So maybe you could offer Microsofts 1,000-server, private cloud Azure offering as a public cloud? Moorman: Possibly. Well see. Azure has been an interesting development. But it seems to me that it has not captured the imagination in terms of the market. And I think part of that is just the platform as a service is a hard concept for folks to sort of get their heads around. People are used to thinking in terms of servers and sort of traditional concepts. InfoWorld:Well, youre not going to consider Azure
J A N U A R Y 2 012
i Cloud Computing
unless youre a .Net shop. Moorman: To me, thats the interesting part. I actually think Microsoft has a platform problem, not a cloud problem. Theyve invested heavily in the cloud side of it, but what they really need to do is make .Net more relevant to everyone building startups around here. The startup community is not using .Net, and that is the problem theyve got to solve and I think by just having a cloud theyre not going to solve that problem. They need to make it a platform that people are gravitating towards. And I think that their bigger issue is .Net and the toolsets that they have. And actually, in some ways, Azure is complicated because they now have introduced SQL Azure, which is a whole new platform you have to get your arms around. Why is the world building on Rails and Python? That is, I think, the problem that Microsoft has to solve. InfoWorld: Well said. So talk to me a little about compliance issues as they relate to the public cloud. Theres a sense that some of some compliance regulations are a barrier and need to be revisited, Its even inhibiting [federal CIO] Vivek Kundras cloud initiative for the federal government. Moorman: Well, I am on the Cloud Commission Vivek has started, and I have to say the government has done a great job Vivek in particular leading on this with its Cloud-First policy for the government. I think they are moving faster than corporate America today in many cases. And they have a strong interest in making America the leader in cloud computing and advancing very, very quickly. But absolutely there are issues. The ones that I am most interested in are data flows and natural sovereignty issues around data. There is a lot of fear around the Patriot Act and the ability of the government to get data if its hosted in America. These are things that I think do slow down cloud computing in America. And I think the government is very open to listening to it and understanding it. But for me, that is one of the bigger issues, making it very clear that if you put your data in the cloud, what control are you losing? Or if you put the data in America, what control are you losing over the access of that data by governmental authorities? I think theres probably more FUD than there is reality, but there are issues, and weve got to get clarity on it. And the way we interact with government agencies has got to become very standardized and clear. InfoWorld: So theres no real pending legislation yet?
INFOWORLD.COM DEEP DIVE SERIES
Special Report 18
Moorman: Theres not. The commission is really charged with coming up with three or four very concrete recomendations to then go advocate legislatively. InfoWorld: One last question. In the old days, ASPs [application service providers], which were the first wave of cloud computing, had a problem they tried to do too much for too many different customers and couldnt scale. With all the different services you offer particularly managed services isnt there a danger that may happen to you? Moorman: In terms of scale, I think were at scale. Amazon is a much bigger company than we are, but in terms of running infrastructure, were a pretty big company. I think if youre a $50 million hosting company, youve got scale issues. InfoWorld: Im not talking about infrastructure. Im talking about your really broad range of services. Moorman: To me cloud computing is hosting version 2. And it is very much within our wheelhouse. I actually think that you will see a lot of these offers get standardized. I dont think theres an infinite number of solutions. I mean, if you look at our managed hosting offering, its been pretty stable for the last five years as it has matured. I think cloud computing will hit a maturity curve and it doesnt mean there wont be innovations on the margins there absolutely will be. But there will be a set of standard types of offerings. Once you have computing and storage and networking, the rest of it is important, but that core is really at the heart of what we do, and our services on top of it are pretty productized and consistent. I also think that our commitment to open source is going to allow us to have a velocity that does not depend on us doing everything alone. And the amount of code [being] contributed from the rest of the world, and the standards that are going to exist because of that, is something that gives us an advantage that no one else will have unless they decide to get on board with OpenStack then everyone will have it. What we want to do is get to a world where these things are standardized and the experience is what the difference is. And we think that were the best in delivering a great experience and a great support model. Thats what were trying to accelerate and I think thats actually happening.
Eric Knorr is the editor in chief of InfoWorld.
J A N U A R Y 2 012
i Cloud Computing
T H E L A S T WO R D O N T H E C LO U D
Special Report 19
J A N U A R Y 2 012