Cloud computing perspectives and questions
The World Economic Forum started a research project at Davos 2009 concerning cloud computing, which they broadly define to include all kinds of remote services, from Software as a Service to virtual machines.
Andy Oram was asked to provide some ideas on the implications of cloud computing for business as well as its future operating environment. This wiki is a discussion forum where anyone with relevant and valid ideas can suggest points for ongoing research into the social and economic issues (as well as relevant technical issues).
Benefits and drawbacks for potential clients
- Organizations may be formed without cost of creating a systems and communications infrastructure
- allows new organizations to be formed with minimal overhead
- existing organizations can change personnel, move or mutate rapidly
- enables virtual organizations - with no physical infrastructure, just shared data and processes
- Total reliance on a cloud service (virtual machine services or SaaS)
- May be valuable for start-ups and skunkworks
- For larger organizations, useful for some well-defined functions, particularly non-critical ones. (But note that many companies use services for customer relations management and for paying employees, which could be considered critical functions.)
- Requires a thorough understanding of the cloud service's operations, the risks involved, and management techniques to handle the service and its risks.
- SaaS allows vendor to change or remove features capriciously, and clients cannot choose to keep old version by rejecting the upgrade
- Use of cloud to supplement in-house operations
- Useful for:
- Capital-poor companies
- Companies with growth rates that they can't support
- Handling peaks and spikes
- Handling large variations in their normal business volume
- Handling growth that will eventually be moved in-house
- Offloading in-house systems for updating, testing and installing major changes
- Requires skills in both domains (in-house and cloud) as well as strategies for migrating and replicating between them.
- Best if the cloud supplier can offer strong service level guarantees (SLAs)
- This form of outsourcing system administration can, in the long run, reduce the internal competence of how systems run, making it difficult for companies to judge SLAs and negotiate safe contracts.
Benefits and drawbacks of offering software as a service or using a development environment
- Benefits are extremely compelling
- Project start-up can be faster and cheaper
- Potential clients can use software simply by visiting a web page--no need to download anything, unless a plugin is desired
- Updates are immediate and do not require client action
- Testing can be simplified by simply cloning an instance of the software environment
- Many free software developers already use a service such as SourceForge or Launchpad to develop and distribute software.
- Main drawback, especially when using cloud service at a relatively high level (development environment or SaaS instead of virtual machines) is delivery through a web browser instead of running with native code
- Performance impacts (diminishing as technology improves)
- Lack of access to features of the operating system
- Restrictions on user interface (diminishing as technology improves)
- Other drawbacks are the same as for other organizations
- Administration may be more difficult, at least at current stages of the field's development
- Costs of using a virtual service may be higher than stand-alone servers for large projects
- Development tailored to a particular development environment such as Google AppServer or Windows Azure may limit portability
- The requirement that clients have network access makes cloud services inaccessible or difficult for:
- People without Internet access (much of the developing world)
- People with very slow Internet access (many areas in both the developing and developed world)
- People without continuous Internet access (dial-up, also still common in both the developing and developed world)
- On the other hand, services that are parsimonious in the use of bandwidth and client-side compute power can (through mobile devices) extend new services to previously cut-off populations.
- Low computing power requirements on the client side simultaneously lower the cost of the client (e.g. PC, laptop, etc.)
- SaaS application vendors are viewing mobile devices as an important part of their application stack
- What degree of geographic distribution offers sufficient safety for:
- Individuals or small companies
- Major corporations and organizations with reliability requirements
- Defense and other sensitive government functions
- Benefits of automatically distributing files, perhaps among multiple vendors (example; Cleversafe)
- Potential targets for attack in war or by terror
- Should there be resilience standards?
- Related to #Portability
- Importance: Backups are recommended for persistent data to another system or service outside of the cloud.
- Feasibility: All APIs can be emulated, so in theory organizations can use the same scripts and procedures to replicate operations in multiple services
- Trends: There are calls for "open cloud computing," referring to standards that would facilitate portability.
- Standards could lead to automatic, instant migration between cloud vendors.
- As with all standardization, it's hard to:
- Get vendors to cooperate on advances that would reduce client lock-in
- Slow down innovation in an emerging technology enough to produce a standard
- Energy trade-offs between concentrated megaservers and smaller systems distributed around the world.
- Impacts on localities where huge server farms are built.
- Related to #Portability
- Cloud eviscerates software freedom:
- New software and patches can be built on free software while still being hidden behind the cloud (except free software under the rarely used Affero GPL).
- (Mostly in regard to Saas) Even releasing the source code would have little to no effect, because the real lock-in for cloud services is its role as central repository: storing the data and (for sites with community aspects) providing connections among different visitors.
- Open formats so clients can extract data and reuse it elsewhere
- Cost and time to develop new software has decreased so much that SaaS features are no longer such a big selling point (see article, Free software meets corporate needs, including Software as a Service
- As alternative to centralized services, promote radically distributed systems
- Individuals maintain control of their own data and data processing and peer with others to share data and processing.
- Requires heightened identity and validation technologies (see articles From P2P to Web Services: Addressing and Coordination and From P2P to Web Services: Trust
- Use of popular cloud services (such as Google Docs)
- Familiar to staff and public alike, and therefore easy to promote use
- Quick and cheap to set up
- Allows integration of government message and discussion with other popular forums
- Often have policies that run counter to government needs:
- Services may access visitor data in ways that treat privacy cavalierly.
- Services may force visitors to take on liability requirements that governments cannot do.
- Lack the reliability, and sometimes the security, that the public has a right to expect of government services.
- May not have features governments need.
- Should governments collaborate on producing public-domain or open-source social networks and cloud services tailored to their needs?
Cloud Computing Standards
Standard Cloud Performance Measurement and Rating System (SCPM)
- To this end I propose the development of an open standard for cloud computing capacity called the Universal Compute Unit (UcU) and it's inverse Universal Compute Cycle (UCC). An open standard unit of measurement (with benchmarking tools) will allow providers, enablers and consumers to be able to easily, quickly and efficiently access auditable compute capacity with the knowledge that 1 UcU is the same regardless of the cloud provider.
- The cloud isn't about anyone single VM or process but how many VM's or processes work together. For example AMD's PR Performance Rating system which was used to compare their (under performing) processors to the leader Intel. Problem was it was for a very particular use case, but generally it gave you the idea. (Anyone technical knew Intel was better at Floating point, but most consumers didn't care or weren't technical enough to know the difference)
- Similarly cloud provider may want to use some aggregate performance metrics as a basis of comparing themselves to other providers. For example, Cloud A (High End) has 1,000 servers and fibre channel, Provider B (Commodity) has 50,000 servers but uses direct attached storage. Both are useful but for different reasons. If I want performance I pick Cloud A, if I want massive scale I pick Cloud B. Think of it like the food guide on back of your cereal box.
Cloud Computing / Cyber Defense & Security
Federal CloudBursting & Cyber Defense Contingency Plan
A few of the key points I will be presenting at Monday's Federal Cloud Standards summit in Washington DC include;
- Defining how to actually recover from serious Cyber attacks with a minimum level time cost and disruption.
- Focus on limiting the effects that cyber attacks cause.
- A plan to address specific strategies and actions to deal with cyber threats in realtime
- Include a monitoring process and “triggers” for initiating planned actions (GovBursting)
See my complete post here > http://www.elasticvapor.com/2009/07/federal-cloudbursting-cyber-defense.html