Cloud computing is here to rule. Right now, most of the small, medium enterprises have gone 100% on cloud. I have seen several startups - which are using cloud services for all their computing needs. But large enterprises are reluctant to move to cloud services and rightly so. Many companies are just testing waters and have held back on full scale deployment of cloud IT services.
Today the cloud services have several deficiencies - which from an enterprise prespective are the basic requirements for them to consider cloud services. In this article I have written about about 6 basic requirements for enterprises to adapt cloud services in a big way.
1. Availability - with loss less DR
Customers want their IT services be up and available at all times. But in reality, computers sometimes fail. This implies that the service provider should have implemented a reliable disaster recovery (DR) mechanism - where in the service provider can move the customer from one data center to another seamlessly and the customer does not even have to know about it.
As a cloud service provider, there will be enormous pressure to minimise costs by optimally utilizing all the IT infratrucrture. The traditional Active-Passive DR strategy is very expensive and cost ineffecient. Instead, service providers will have to create an Active-Active disaster recovery mechanism - where more than one data center will be active at all times and ensures that the data and services can be accessed by the customer from either of the data centers seamlessly.
Today, there are several solutions that are available to do just that. EMC VPLEX solution to maintain an Active-Active data center. Another approach will be implement Hadoop/Hive stack for data intensive applications such as emails, messaging, data store, services.
In an ideal senario, the customer on the cloud services should not even notice any change at all and the movement of all his data & applications from one data center to another must be transparent to the end user.
2. Portability of Data & Applications
Customers hate to be locked into a service or a platform. Ideally a cloud offering must be able to allow customers to move out their data & applications from one service provider to another - just like customers can switch from one telephone service provider to another.
As applications are being written on standard platforms - Java, PHP, Python, etc. It should be possible to move the customer owned applications from one service provider to another. Customers should also take care to use only the open standards and tools, and avoid vendor specific tools. Azure or Google services offers several tools/applications/utilities which are valuable - but it also creates a customer lockin - as the customer who uses these vendor specific tools cannot migrate to another service provider without rewriting the applications.
To illustrate this, today in India, customers can move from one cell phone service provider to another without changing thier handsets, but in US, if one were to move from AT&T to Verizon, one needs to pay for the handset - which forms a customer lock in instrument.
With public cloud services, customers should be able to move their data & applications from one cloud to another - without distrupting the end user's IT services. This movement should be transparent to the end user.
The Cloud Computing Interoperability Forum (CCIF) was formed by organizations such as Intel, Sun, and Cisco in order to enable a global cloud computing ecosystem whereby organizations are able to seamlessly work together for the purposes for wider industry adoption of cloud computing
technology. The development of the Unified Cloud Interface (UCI) by CCIF aims at creating a standard programmatic point of access to an entire cloud infrastructure.
Recently in EMC world 2011, EMC demonstrated moving several active VMs & applications from EMC data center to CSC data center without disruption of service. This was just a proof of concept, but to make this a common place, some amount of regulation and business coordination will be required.
However, in their current form, most of cloud computing services and platforms do not employ standard methods of storing user data and applications. Consequently, they do not interoperate and user data are not portable.
3. Data Security
Security is the key concern for all customers - since the applications and the data is reciding in the public cloud, it is the responsibility of the service provider for providing adequate security. In my opinion security for customer data/applications becomes a key differentiator when it comes to selecting the cloud service provider. When it comes to IT security, customers tend to view the cloud service providers like they view banks. The service provider is totally responsible for user security, but there are certain responsibilities that the customer also needs to take.
The service provider must a robust Information Security Risk Management process - which is well understood by the customer, and customer must clearly know his responsibilities as well. As there are several types of cloud offerings (SaaS, PaaS, IaaS etc), there will be different sets of responsibility for the customer and the service provider depending on the cloud service offering.
When it comes to security, the cloud service providers offer better security than what the customer's own data center security. This is a kin to banks - where banks can offer far greater security than any individual or company. The security in cloud is much higher due to: Centralized monitoring, enhanced incidence detection/forencics, logging of all activity, greater security/venerability testing, centralized authentication testing (aka password protection/ssurance), Secure builds & testing patches before deployment and lastly better security software/systems.
Cloud service providers know that the security is the key to their success - and hence invest more on security. The amount of efforts/money invested by cloud service providers will always be greater than the amount an individual company(most) can spend.
Security issues will also be addressed through legal & regulatory systems. Despite the best IT security, breaches can happen and when it happens, the laws and rules of the land - where the data resides play an important role. For example, specific cryptography techniques could not be used because they are not allowed in some countries. Similarly, country laws can impose that sensitive data, such as patient health records, are to be stored within national borders. Therefore customer needs to pay attendtion to Legal and regulatory issues when selecting the service providers.
Managing the cloud infrastructure from the customer prespective must be under the control of the customer admin. Customers of Cloud services must be able to create new accounts, must be able to provision various services, do all the user account monitoring - monitoring for end user usage, SLA breaches, data usage monitoring etc. The end users would like to see the availability, performance and configuration/provisioning data for the set of infrastructure they are using in the cloud.
Cloud service provider will have various management tools for Availability management, performance mangement, configuration management and security management of applications and infrastructure(storage, servers, and network). Customers want to know how the entire infrastructure is being managed - and if possible can that management information be shared with them, and alert the customer on any outage, slow service, or breach of SLA as it happens. This allows customer to take corrective actions - either move the applications to another cloud or enable their contigency plans.
Sharing the application performance and resource management information will help improve utilization and consequently optimize usage by customers. This will result in improving ROI for the customers and encourage customers to adapt cloud services.
As customers buy cloud services from multiple vendors, it will become a necessity to have a unified management system to manage all the cloud services they have. This implies that cloud service providers must embrace an XML based reporting formats to provide management information to customers and customers then can build their own management dashboards.
Customer on Cloud computing have a dynamic computing loads. At times of high load, they need greater amount of computing resources available to them on demand, and when the work loads are low, the computing resources are released back to the cloud pool. Customer expect the service provider to charge them for what they have actually used in the process.
Customers also want a self service on-demand resource provisioning capability from the service provider. This feature enables users to directly obtain services from clouds, such as spawning the creation of a server and tailoring its software, configurations, and security policies, without interacting with a human system administrator. This eliminates the need for more time-consuming, labor-intensive, human driven procurement processes familiar to many in IT.
This implies that the dynamic provisioning system should be the basic part of cloud management software - through which users can easily interact with the system.
To provide an elastic computing resources, the service provider must be able to dynamically provision resources as needed and have adequate charge back systems to bill the customer.
In reality, it may not be possible for any single cloud service provider to build an infinitely scalable infrastructure and hence customers will have to rely on a fedrated system of multiple cloud service providers sharing the customer loads. (Just like a power grid, where the load gets distributed to other power plants during peak loads)
6. Federated System
There are several reasons as to why customers will need a Federated cloud system. Customers may have to buy services from several cloud service providers for various services - email from Google, online sales transaction services from Amazon and ERP from another vendor etc. In such cases customer want their cloud applications to interact with other other services from several vendors to provide a seamless end to end IT services.
This implies that each of the cloud services must have an interface with other cloud services for load sharing & application interoperability.
In a federated environment there is potentially an infinite pool of resources. To build such a system, there should be inter-cloud framework agreements between mupliple service providers, and adequate chargeback systems in place.
Having a federated system helps customers to move their data/applications across different cloud service providers and prevents customer lockin.
Interoperability of applications across different cloud services has led to creations of standard APIs. But these APIs are cumbersome to use and that has led to creation of Cloud Integration Bus - based on Enterprise Service Bus (ESB).
As on today, the integration issues are still being worked out, and there is no universal standards for creating interop between different cloud applications.
Cloud services are still in its infancy and if cloud services were to attract large enterprise customers, then they need to do a lot more than today to address data/application portability, federated scalable system, complete end-to-end interoperability and security issues.
Watch this space as I will write more about cloud computing from business and management point of view.