Yet cloud computing is much more than a just newcomer on the Internet hype curve. The heritage of what cloud computing represents dates back to the dawn of information technology (IT), to the very beginnings of how government agencies and large commercial enterprises first accessed powerful computers to solve complex problems.
We've certainly heard a lot about the latest vision for cloud computing and what it can do for the delivery of applications, services and infrastructure, and for application development and deployment efficiencies. So how does cloud computing fit into the whole journey of the last 35 years of IT? What is the context of cloud computing in the real-world enterprise? How do we take the vision and apply it to today's enterprise concerns and requirements?
To answer these questions, we need to look at the more mundane IT requirements of security, reliability, management, and the need for integration across multiple instances of cloud services. To help understand the difference between the reality and the vision for cloud computing, I recently interviewed Frank Gillett, vice president and principal analyst for general cloud computing topics and issues at Forrester Research. (Sponsor: Akamai Technologies.)
Here are some excerpts:
Gardner: You know, Frank, the whole notion of cloud computing isn't terribly new. I think it's more of a progression.
Gillett: When I talk to folks in the industry, the old timers look at me and say, "Oh, time-sharing!" For some folks this idea, just like virtualization, harkens back to the dawn of the computer industry and things they've seen before. ... We didn't think of them as cloud, per se, because cloud was just this funny sketch on a white board that people used to say, "Well, things go into the network, magic happens, and something cool comes from somewhere."
So broadly speaking, software as a service (SaaS) is a finished service that end users take in. Platform as a service (PaaS) is not for end users, but for developers. ... Some developers want more control at a lower level, right? They do want to get into the operating system. They want to understand the relationship among the different operating systems instances and some of the storage architecture.
At that layer, you're talking about infrastructure as a service (IaaS), where I'm dealing with virtual servers, virtualized storage, and virtual networks. I'm still sharing infrastructure, but at a lower level in the infrastructure. But, I'm still not nailed to this specific hardware the way you are in say a hosting or outsourcing setup.
Gardner: We're in the opening innings of cloud computing?
Gillett: A lot of the noisy early adopters are start-ups that are very present on the Web, social media, blogs, and stuff like that. Interestingly, the bigger the company the more likely they are to be doing it, despite the hype that the small companies will go first.
... It doesn't necessarily mean that your typical enterprise is doing it, and, if they are, it's probably the developers, and it's probably Web-oriented stuff. ... In the infrastructure layer, it's really workloads like test and development, special computation, and things like that, where people are experimenting with it. But, you have to look at your developers, because often it's not the infrastructure guys who are doing this. It's the developers.
It's the people writing code that say, “It takes too long to get infrastructure guys to set up a server, configure the network, apportion the storage, and all that stuff. I'll just go do it over here at the service provider."
... There is no one thing called "cloud," and therefore, there is no one owner in the enterprise. What we find is that, if you are talking about SaaS, business owners are the ones who are often specing this.
Gardner: Who is the "one throat to choke" if something goes wrong?
Gillett: Bottom line, there isn't one, because there is no one thing. ... They are on their own within the company. They have to manage the service providers, but there is this thing called the network that's between them and the service providers.
It's not going to be as simple as just going to your network provider, the Internet service provider, and saying, "Make sure my network stays up." This is about understanding and thinking about the performance of the network end to end, the public network -- much harder to control than understanding what goes on within the company.
This is where you have to couple looking at your Internet or network service provider with the set of offerings out there for content and application acceleration. What you're really looking for is comprehensive help in understanding how the Internet works, how to deal with limitations of geography and the physics, the speed of light, making sure that you are distributing the applications correctly over the network -- the ones that you control and architect -- and understanding how to work with the network to interact with various cloud-service providers you're using across the network.
... Even though you can't get the uber "one throat the choke," at the network layer you can go for a more comprehensive view of the application, and the performance of the network, which is now becoming a critical part of your business process. You depend on these service providers of various stripes scattered across the Internet.
If you take the notion of service-oriented architecture (SOA), and explode it across the public network, now you need sort of the equivalent of the internal network operation center, but you need help from an outside provider, and there's a spectrum of them obviously to do that.
When you're asking about governance, the governance of the network is really important to get right and to get help with. There is no way for an individual company to try and manage all that themselves, because they are not in the public network themselves.
... I spoke to a luxury goods and perfume maker that had a public website with transactions, as well as content, on their website. I said, "How many servers does it take to run your transactions?" And they said it only takes four, and that includes the two redundant ones. "Oh, really? That's all?" They said, "Well, not really. Three quarters of my workload is with my application and content acceleration provider. They take care of three quarters of my headache. They make it all work." So, that's a great example.
Gardner: What seems to be missing in this notion of trust, governance, and reliability?
Gillett: There's no such thing as "the" cloud provider, or one cloud provider. Part of the complication for IT is, not only do they have multiple parties within the company, which has always been a struggle, as they get into this, they're going to find themselves dealing with multiple providers on the outside.
So, maybe you've got the services still in your IT as an infrastructure. You've got your internal capability. Then, you've got an application, SaaS, and perhaps PaaS, and a business process that somehow stitches all four of those things together. Each one has its own internal complexities and all of it's running over the public network ... So, it's really challenging.
Gardner: How can we integrate across different sets of services from different providers and put them in the context of a business process?
Gillett: If you look at it, a lot of these concepts are embodied in the whole set of ideas around SOA, that everything is manifested as services, and it's all loosely coupled, and they can work together. Well, that works great, as long as you've got good governance over those different services, and you've got the right sort of security on them, the authentication and permissions, and you found the right balance of designing for reuse, versus efficiently getting things done.
... But, as you're hinting, I have to think about how I make that business process work, making sure that I work over the Internet? What do I do if that service provider hiccups or a backhoe cuts a fiber optic cable between me and the service provider?
Now, I'm becoming more dependent on the public Internet infrastructure, once I'm tying into these service providers and tying into multiple parties. Like a lot of things in technology, unless you're going to completely turn over everything to an outside service provider, which sounds like traditional outsourcing to me, the "one throat to choke" is your own. ... If you think about it, it's not that different than when I ran all the infrastructure on my own premises, because I had gear and applications from different parties, and, at the end of day, it was up to me to referee these folks and get them to work together.
... So I look at this, and I say, "Okay, we've got a decade here to sort this out." It's a completely different problem, by the way, to think about how I take the existing applications I run inside my company, and think about migrating them to a service provider.
Gardner: We have a track record of organizations saying, "Listen, I don't want to be in the commodity applications business. I want to specialize in what's going to differentiate me as an enterprise. I don't want to have everyone recreating the same application instance."
Gillett: ... "You said, "Cloud is about commoditizing IT, and only things that aren't differentiating leave my company." Not true. ... Cloud services can handle mission-critical workloads, things that differentiate you. In fact, that might only be possible if you do them in a service provider.
... Let me give you an example. Let's say that your business has critical calculations to run overnight, say, for ad placement on websites. Let's say that that's soaks up huge amounts of computing capacity when you run the workload at night, but sits idle during the day. ... Guess what? That's one of the workloads that runs at Amazon's EC2 IaaS or "computer as a service."
In that case, it's more cost effective and more flexible for them to run it with the service provider, even though it's mission critical. It's a more effective use of resources.
Now, let's flip it around the other way. Take a provider that does streaming of public websites of media. You go to a website of a major newspaper or a television network and you want to see their video. This provider helps with that on the back-end. What they found, when they looked at their internal infrastructure, was that they felt they were cheaper than the Amazon at running their core infrastructure.
Amazon looked like a nice extra capacity on top, so they wouldn't have to buy over provision as much. Amazon also looked like a great way to add capacity into new regions before they got critical mass to do it cost effectively themselves in that region. There are two examples of the non-intuitive ways to think about this.
... It feels like we are in a cloud hype bubble right now. All the hype and noise is sort of on the upswing still, but we are going to see this subside and calm down late this year or next year. This is not to say that the ideas aren't good. It's just that it will take a significant amount of time to sort things out, figure out the right choices for the offerings to mature, for the early adopters to get in, the mainstream folks, and the laggards. It's only as we get deeper into it that we even begin to understand the governance ideas.
... You start thinking about how to distribute application logic, to create fast response, good business service levels and things like that, despite the fact that you think, "We're just selling one thing and all that has to come back to a central database." Not necessarily. So, you really start to think about that. You think about how to prioritize things across the network. This is more important than that. All of it is basically fighting the laws of physics, also trying to figure out the speed of light, and all sorts of computation stuff.
It's also trying to figure out the most cost-effective way to do it. Part of what we're seeing is the development and progression of an industry that's trying to figure out how to most cost-effectively deliver something. Over time we'll see changes in the financial structures of the various service providers, Internet, software or whatever, as they try to find the right way to most cost-efficiently deliver these capabilities.
Gardner: How do enterprises put themselves in position to take advantage of cloud sooner rather than later, and perhaps gain a competitive advantage as a result?
Gillett: ... One of the things that we're telling our infrastructure and operations guys is to get in early ahead of the developers. Don't let them run willy-nilly and pick a bunch of services. Work with the enterprise architect, the IT architect, to identify some services that fit your security and compliance requirements. Then, tell the developers, "Okay. Here is the approved ones that you can go play with, and here's how we're going to integrate them."
So, proactively, get out in front of these people experimenting with their credit cards, even if it's uncomfortable for you. Get in early on the governance. Don't let that one run away from you.
Read a full transcript of the discussion.