In This Issue
- An Executive Primer on Cloud Computing: What Vendors Aren't Telling You
- Hot Links
An Executive Primer on Cloud Computing
- 2020 Gartner Market Guide for Network Detection & Response
- How You Can Evaluate Your Org's Cybersecurity Readiness
- How IT Security Organizations are Attacking the Cybersecurity Problem
- The Drive for Shift-Left Performance Testing
- Deception: The Next Step In Cyber Defense
- Get Your Security Tools Talking for More Effective Incident Response
If you ask five different people what cloud computing is you'll likely get five different by equally vague answers. Cloud computing is a new technical platform. Cloud computing is the next wave. Cloud computing is a revolutionary approach to application hosting. Cloud computing is the first viable architecture for truly scalable applications. Cloud computing is a vendor-hosted infrastructure platform. Whatever. My goals with this month's column are to first provide an overview of cloud computing, and second to lift back the covers and reveal to you some of the challenges being experienced by organizations that have adopted a cloud-based approach to their technical architecture. As long as you can forgive the excessive number of bad puns from the people I interviewed I suspect you'll be surprised at what is really going on.
A good starting point to understand cloud computing is to explore the categories of services that are on offer.
- First is software as a service (SaaS), software such as Salesforce.com which run entirely on the cloud that is typically accessed via a browser.
- Second is "attached services" which are specific to a client application -- an example of which is Apple's iTunes which enables client applications running on desktop machines or mobile devices such as the iPhone to purchase and download music.
- Third is cloud platforms, such as Amazon's Elastic Compute Cloud which provides an environment for developers to create and then host SAAS applications or attached services.
Cloud computing offers the potential for organizations to dramatically reduce their IT costs through sharing of infrastructure. For example, few organizations can afford to build their own customer relationship management (CRM) system, and many small ones cannot even afford to purchase one. Yet it is viable for them to pay to use an application such as Salesforce.com for a low monthly fee. Furthermore startups are now using cloud platforms to host the e-commerce systems that they are developing and deploying via the web to their own customers, avoiding the need to build and operate their own operations infrastructure.
Yet, there is a little understood underbelly to cloud computing. As with all other technical platforms, security is a risk. "Within two days of our cloud platform being available online the viruses started raining down on us" says Doug Emerson, CTO of FogBank Systems "Just as there are cloud platforms on which legitimate systems run, there are also virus cloud platforms being used by the online criminal element. In early February the Cyclone virus burst out of a cloud running in the Philippines, causing significant damage to our cloud formations until it finally dissipated over inland.com. Less serious, although still able to cause significant damage if your applications don't get out of the way in time, are tornado-class virus which will strike at any time. We're particularly concerned about the threat of the F5 virus, rumored to strike cloud platforms on April 1 2009".
Brad Hruboska, of Iceland-based Schummer Hosting Services (SHS), reports a different set of problems with cloud computing. Many of SHS customers are startups, some of whom are only in business for a few months or change strategies due to changes in the marketplace. As a result they have a tendency to come and go. Furthermore the customer base of the startups can also fluctuate over time, so there's a fair bit of fluctuation not only in usage but in data storage as well. Because of this fluctuation Hruboska says that SHS is experiencing what he calls an "accumulusation of bad data" (what did I tell you about bad puns!) over time. The challenge is that the flexibility provided by cloud computing exacerbates data management problems, the data storage needs and usage changes hourly, presenting a challenge to data professionals who are used to taking weeks or even months plodding through even the most trivial of changes to a database. "We've got data that was absolutely vital two months ago which nobody seems interested in today. Perhaps some of it will be needed again in another two months, but most of it will never be accessed again. We can't tell which is which, and yet we need to find a way to purge the unneeded data somehow.
This isn't the only problem faced by SHS. According to Hruboska, "We set up in Iceland because of the lower costs associated with cooling our servers in a northern climate [a huge savings and environment friendly] and because of the availability of cheap, geothermal energy. What we didn't expect is that by running our cloud in a cooler environment that the moisture within the cloud would condense, freeze due to the low temperatures, and effectively snowcrash our servers. Our physical maintenance bill is higher as a result but our overall expenses are still lower by hosting our servers here outside of Reykjavik." Other companies are operating server farms in Whitehorse, Helsinki, and Vladivostok for similar reasons and are running into similar condensation problems as SHS.
Emerson also reports that hosting a cloud platform isn't as safe as it sounds. "We're finding that the resource requirements of different organizations vary widely throughout the day. The load predictability that single organizations enjoy doesn't exist when hundreds of disparate companies share common resources -- in theory it should even out statistically, but in practice we see huge spikes during North American business hours. The load balancing algorithms of yesteryear can't keep up, and we're finding that some servers effectively become what we call high pressure systems and others become low pressure systems as a result. Worse yet these high and low pressure systems move about our server farm constantly throughout the day, manifesting themselves in what we think are high-voltage electrical discharges. Nobody has been hurt yet, we've taken precautions, but it seems dangerous."
Wayne Miller, of Nimbus Clouds is also concerned. "Pressure differentials between servers is a serious issue. Just last week our janitor was almost killed when a lightning bolt passed between two adjacent servers just as he was sweeping the floor between them. Later investigation of the logs showed that one server was in a high processing pressure situation whereas the other was in a very low pressure situation. Our system weather monitoring system, which we've now upgraded with Berg-Klassen's CloudMonitor (a SAAS coincidently hosted by FogBank), hadn't detected this in time to alert the people in the server farm. The janitor was in the wrong place at the wrong time and got zapped." The good news is that he's fully recovered and back on the job, wearing rubber-soled boots which are being provided to all Nimbus employees.
Regardless of it's inherent challenges, there is a silver lining in cloud computing. In the least it offers many interesting infrastructure services, security services, Amazon's Simple Storage Service (S3), and Berg-Klassen's FarseDetect. FarseDetect is a new service being launched on April 1st 2009 which is essentially a filter that scans both emails and web pages and provides an assessment as to whether or not the content is accurate or not. For example, anything written by myself that is published on April Fool's day gets instantly identified as a joke by FarseDetect. Have a good one.
The article Anatomy of a Failed Agile Adoption describes how Gorwell Financial Group in the UK struggled with, and eventually abandoned, agile software development strategies.
The Scum Certified Agile Master program is a great opportunity for agile developers.
The article The Eclipse Blocker Project describes a new Eclipse plug-in which automatically generates weekly status reports from the activity of project team members.
The Fragile Manifesto presents an alternative view to the subversive material contained in The Agile Manifesto.
TheGlacial Methodology is a new software process which is based on sound software engineering principles.
The article Embracing the OMG overviews the advantages of the OMG's MDA, CWM, and XMI specifications.
A few years ago I wrote about a new addition to the Unified Process called the Politics Discipline which helps people navigate the intricacies of their organization's culture and structure.
The article The Quest for the Silver Bullet describes one project team's efforts to find the single tool or technique which would help them succeed at software development.
In the article Unified Process from A to Z I list in alphabetical order the various flavors of the Unified Process which have been released over the years. There's more to the UP ecosystem than Rational Unified Process (RUP) and Open Unified Process (OpenUP).
The article Are You Suffering from Versusitis? summarizes the effects of versusitis, a debilitating disease which a large number of IT professionals suffer from.