Cloud Computing 101 Issue 1 (Sample)

Cloud Computing 101 (Sample)

Issue 1
May 28th 2011
www.alanquayle.com/blog
© 2011 Alan Quayle Business and Service Development

Objectives

• Comparing and contrasting the available delivery models of cloud computing
• Evaluating the benefits of cloud products, including global and regional service
providers, Salesforce.com, Microsoft Azure, Google, and Amazon
• Understanding the underlying technologies of Data Centers and Virtualization
• Understanding the role of operators and web service providers
• Deploying Software as a Service (SaaS) to optimize productivity and
collaboration
• Deploying Platform as a Service (PaaS) to streamline application deployment
• Examining the cost benefits of deploying Infrastructure as a Service (IaaS)
• Understanding implementation issues across security, compliance and business
continuity
• Integrating multivendor cloud products and services
• Focusing on the first two steps, initial business case and pilot project

6/2/2011 © 2010 Alan Quayle Business and Service Development 2

Outline

• Cloud Computing Introduction
o Defining cloud computing
o Definitions: IaaS (Infrastructure as a Service), PaaS (Platform as a Service), SaaS
(Software as a Service), BPaaS (Business Process as a Service)
o The benefits of cloud computing
o Cloud computing components
o Suppliers and market size
o Types of clouds: public, private, hybrid, community
o Cloud trends and vendor solutions
o Emerging standards and regulations
• Understanding the Components: Data Center History and Economics
o History and the drive for efficiency and availability
o Changes and pressures on DC – drive for DC management
o Capex and opex DC costs
o DC economics drives cloud computing

© 2011 Alan Quayle Business and Service Development 3

Outline

• Understanding the Components: Data Center Types and Comparison to Google’s Data Center
o Reviewing the 3 types of DC (Data Center)
o DC Environment
o Internet DC Architecture
o Enterprise DC Legacy / Current
o Google perimeter and DC Overview
o Comparison
• Understanding the Components: Virtualization Technology
o Understanding the role of Virtualization in terms of Commercial or technology
o The life cycle of Virtualization’s components and key technology
o Technology Hotspot analysis of Virtualization
• Understanding the Components: Customer needs and Virtualization
o Analyze the pain points and key requirements (reduce the cost through servers consolidation;
Dynamic scheduling to save energy; Increase the efficiency of management, etc...) in Virtualization
o Analyze the opinion of customers in Virtualization, like usage, maturity...
o The technology trend for customers to choose Virtualization, like VMware, Hyper-v, Xen, KVM...


Outline

• Understanding the Components: Virtualization Competitive Analysis
o How many main competitors (VMware, Citrix, Microsoft, Oracle, Redhat) we have?
o What about their business models?
o How to win a profit of Virtualization?
o Each competitor’s plans to construct their Virtualization platform?
o SWOT analysis
• Understand the Internet Companies Drivers in Cloud Computing
o Mapping Force, Google and Amazon’s offers
o Cloud Economics, definitions, taxonomy and market size
o Comparison to total IT market
o Cloud Business Case
• Understanding Web Service Providers Focus on Cloud / DCs
o Cloud Hype
o Industry requirements
o Industry Transition
o Data Center Operating System
o DC programming models (PaaS)
o Example providers, PaaS services and pricing
o Deep dive on Force.com, Google App Engine and Microsoft Azure
o What it all means


Outline

• Implementing SaaS
o Minimizing administration costs
o Improving productivity and collaboration
o Replacing capital investments with pay-per-use
• Implementing IaaS
o Leveraging on-demand servers
o Eliminating software license costs with preconfigured servers
o Migrating existing machine images to the cloud
o Cost-effective, scalable and reliable data storage with Amazon Simple Storage Solution (S3)
• Implementing to minimize risk
o Immediate response to market demands
o Elastically scaling infrastructure capacity to meet organizational demands
o Evaluating operating systems and software with pay-per-use
• Implementing Security in the cloud
o Analyzing security concerns
o Maintaining privacy of proprietary data
o Achieving acceptable reliability and service-level agreements
o Overcoming the risks of public clouds
o Scoping the role: SaaS, PaaS, IaaS


Outline

• Implementing Virtual Private Cloud (VPC)
o Simulating a private cloud in a public environment
o Google secure data connector
o Amazon VPC
o Industry-standard, VPN-encrypted connections
• Implementing cloud governance
o Retaining responsibility for the accuracy of the data
o Verifying integrity in stored and transmitted data
o Demonstrating due care and due diligence
o Supporting electronic discovery
o Preserving a chain of evidence
• Implementing compliance with government certification and accreditation regulations
o HIPAA, Sarbanes-Oxley and the Data Protection Act
o Following standards for auditing information systems
o Negotiating third-party provider audits
• Implementing business continuity
o Avoiding vendor lock-in
o Exploiting multiple cloud providers for cross-platform interoperability
o Evaluating the impact on employee skill requirements
• Implementing cloud computing in your organization
o Building a business case
o Selecting a pilot project


We Live in Hyped Times!
• “Amazon and PSN outages won't halt cloud revolution.” source The Register
• “SURVEY: Future-proofing the cloud.” source Network World
• “Virtualization, cloud computing to dominate Interop.” source Network World
• “Is Your Data Center Ready for Cloud Computing?” source Web Buyers Guide
• “Demystifying the Cloud – A Conversation with Dell’s CIO and CTO!” source Baseline Briefing
• “Cloud-enabled Wi-Fi: Less Dollars, More Sense” source Network World
• “Apple’s new services are expected to include a "digital locker" solution enabling consumers to
store their iTunes music, movie and television libraries on Apple servers for access on multiple
iOS-based devices.” source Fierce Mobile Content.
• “Brocade Unveils CloudPlex cloud architecture, an open framework for building virtualized data
centers, and offered a look at new technologies coming up in the near future to help make such
data centers possible. “ source CRN
• “CenturyLink goes from local to global player with Savvis acquisition.” source Fierce

Free Software Foundation founder Richard Stallman called cloud computing,
“worse than stupidity.”

Bottom-line: If you’re systems are down or you loose customer data its not the Cloud
Provider that suffers / goes out of business – they just issue a credit for the disruption.

First Phase of Cloud Consolidation
• Verizon acquired Terremark, a Infrastructure / Platform as a Service (I/PaaS)
provider, for $1.4 billion, to provide IT infrastructure services targeting the
enterprise market.
• Dell spent more than $2 billion in six months acquiring cloud technologies,
including PaaS provider Boomi, and is investing another $1 billion in a group of
global data centers.
• IBM acquired Cast Iron, Boomi’s competitor.
• Time Warner Cable acquired NaviSite.
• CenturyLink acquired Savvis
• Microsoft and Toyota forged a strategic partnership to build a global platform
for Toyota Telematics Services using Windows Azure.
• CA Technologies and Unisys entered into a joint venture that combines CA’s
virtualization and service management products with Unisys’ virtualization and
cloud advisory, planning, design and implementation services.

Likely see further consolidation as Telcos realizes their weaknesses in selling Cloud into
enterprise – particularly small medium enterprise

Telstra spending $600M on cloud-based UC for
businesses
• Telstra said it plans to invest $600 million to upgrade communications options
for 90 percent of the country's businesses and, in partnership with Microsoft and
Cisco, provide them with cloud-based unified communications.
• The QoS upgrades will encompass 1,6000 exchanges and take the telco until
September to complete.
• The Digital Business package will cost businesses $120 a month and include a
basic ADSL2+ connection to businesses, a Cisco Router and a Cisco digital
phone. Customers can pay an additional $15 a month to have their Internet and
voice connection switch over to the Telstra NextG network automatically if the
ADSL connection fails.
• Telstra said VoIP service would likely follow the QoS upgrade, once it "can give
all the reliability and also the technical backup we think the product needs, then
we will bring it to market."

Everything becomes labelled as Cloud. Really the $600M is on a network upgrade…

Evolution

• Cloud computing has evolved through a number of
phases which include grid and utility computing,
application service provision (ASP), and Software as a
Service (SaaS).
• But the overarching concept of delivering computing
resources through a global network is rooted in the
sixties.

Those
Sixties!!!

John McCarthy, 1961

“computation may
someday be
organized as a
public utility.”

The Dream of Cloud Computing
Integrated Circuit Utility Computing
Foundries

• Semiconductor Fabs Expensive • New Datacenters Very Expensive
– Typically > $1 Billion – Only a Few Companies Can
– Too Much for Most Designers Afford Huge Datacenters
• Fabs Take Outside Work • Utility Computing  Datacenter
– Fabs Amortize Cost Owners Amortize Costs
– Other Designers Make Chips – Utility Computing Users Get
Advantages of Elasticity
• Allowed Explosion of Designs
– Datacenter Resources Shared
– More Players Afford Rented Fab Across Many Users

But a private cloud doesn’t deliver scale?

What is Cloud Computing?
• Wikipedia - Cloud computing is Internet ('Cloud') based development and use of computer technology ('Computing'). The
cloud is a metaphor for the Internet (based on how it is depicted in computer network diagrams) and is an abstraction for
the complex infrastructure it conceals[1]. It is a style of computing where IT-related capabilities are provided “as a
service”[2], allowing users to access technology-enabled services from the Internet ("in the cloud")[3] without knowledge
of, expertise with, or control over the technology infrastructure that supports them[4]. According to the IEEE Computer
Society "It is a paradigm in which information is permanently stored in servers on the Internet and cached temporarily on
clients that include desktops, entertainment centers, table computers, notebooks, wall computers, handhelds, etc."[5]. “

• No Consensus in the industry for a good definition of “Cloud computing” . Today anything and everything internet will
come with a cloud computing logo

• Simple Definition: If the time difference between - your application needs more capacity and gets more capacity is greater
than instantly it is not cloud computing. i.e. if there is no programmatic way to provision hardware, no pooled capacity and
even worst a purchase order to get new hardware/software.

• The Bottom-line
o Changes the economics of Computing from being a Capital investment to Utilities (You buy electricity you don’t buy generators )
o Changes the way software is developed – Hardware provisioning , Deployment and Scaling now part of developer lifecycle as a
Program / script as compared to a Purchase order
o Automates a whole bunch of infrastructure related tasks and activities leading efficiencies and cost savings

What is Cloud Computing?

• A user experience and a business model
o Standardized offerings
o Rapidly provisioned
o Flexibly priced

• An infrastructure management and
services delivery method
Banking
o Virtualized resources
o Managed as a single large resource
o Delivering services with elastic scaling
IT
• Similar to Banking ATMs and Retail Point of
Sale, Cloud is Driven by:
o Self-Service
o Economies of Scale
Retail
o Technology Advancement
19 IBM Confidential

The NIST Definition of Cloud Computing
o Cloud computing is a model for enabling convenient, on-demand network access to a
shared pool of configurable computing resources (e.g., networks, servers, storage,
applications, and services) that can be rapidly provisioned and released with minimal
management effort or service provider interaction. This cloud model promotes availability
and is composed of five essential characteristics, three service models, and four deployment
models.

Characteristics
1. On-demand self-service Service models
2. Broad network access 1. Cloud Software as a Service (SaaS)
3. Resource pooling 2. Cloud Platform as a Service (PaaS)
4. Rapid elasticity 3. Cloud Infrastructure as a Service (IaaS)
5. Measured service

Deployment models
1. Private cloud
2. Community cloud
3. Public cloud
4. Hybrid cloud

Why Now?

From T-Systems, who has delivered SAP dynamic services since 2004

NIST 3 Cloud Service Models

• Cloud Software as a Service (SaaS)
o Use provider’s applications over a network
• Cloud Platform as a Service (PaaS)
o Deploy customer-created applications to a cloud
• Cloud Infrastructure as a Service (IaaS)
o Rent processing, storage, network capacity, and other fundamental computing
resources

• To be considered “cloud” they must be deployed on top of cloud
infrastructure that has the key characteristics

22

Service Model Architectures

Cloud Infrastructure Cloud Infrastructure Cloud Infrastructure
IaaS Software as a Service
PaaS PaaS (SaaS)
SaaS SaaS SaaS Architectures

Cloud Infrastructure Cloud Infrastructure
IaaS Platform as a Service (PaaS)
PaaS PaaS Architectures

Cloud Infrastructure
IaaS Infrastructure as a Service (IaaS)
Architectures

23

Mapping the Cloud Types

I use this to simply show the lock-in nature of PaaS / SaaS providers model –
Amazon is more focused on a business model based on scale.

IT Cloud Services Taxonomy
IT Cloud Services

Cloud
Applications
(Apps-as-a-service)

App Dev/Test App Deploy
Cloud
(Application)

Platforms
(Platform-as-a-Service)

Cloud
Infrastructure
(Infrastructure-as-a-Service)

Cloud Computing Technologies
Technologies Cloud Services
Applications SaaS

Dev Platforms

Multi-Tenant, PaaS + Support
Deployment & Cluster services (Storage, DB,
Management Security, Aggregation)

Virtualization,
Infrastructure
Management and Grid
Engines IaaS

Processing Hardware

I use this to simply show technologies associated with each layer – when we discuss
data center design and architecture we’ll come back to these components.

The NIST Cloud Definition Framework
Hybrid Clouds
Deployment
Models Private Community
Public Cloud
Cloud Cloud

Service Software as a Platform as a Infrastructure as a
Models Service (SaaS) Service (PaaS) Service (IaaS)

On Demand Self-Service
Essential
Broad Network Access Rapid Elasticity
Characteristics
Resource Pooling Measured Service

Massive Scale Resilient Computing

Common Homogeneity Geographic Distribution
Characteristics Virtualization Service Orientation
Low Cost Software Advanced Security
27

Predicting Infrastructure Needs

Actual Usage

Customer
Dissatisfaction
Compute Power

Predicted Usage

Waste

Time

Elasticity, Risk, and User Incentives
Services Will Prefer Utility Computing to a Private Cloud When:

Demand Varies over Time Demand Unknown in Advance

Provisioning for Peak Leads to Web Startup May Experience a
Underutilization at Other Times Huge Spike If It Becomes Popular

Pay by the Hour Pay as You Go Does Not Require
(Even if the Hourly Rate is Higher) Commitment in Advance

The Value of Cost Associativity
UserHourscloud × (revenue – Costcloud) ≥

UserHoursdatacenter × (revenue – Costdatacenter )
Utilization

Cloud Is Mostly Driven by Money

Economics of Cloud Computing Are
Very Attractive to Some Users
Cloud Computing Will
Predicting Application
Track Cost Changes
Growth Hard
Better than In-House

Investment Risks May In-House, You Must
Be Reduced Provision for Peak

Benefit 2) Faster time to market

Benefit 3) No initial investment (No CapEx)

Benefit 4) Pay as you go, pay for what you use

Benefit 5) Focus on your business

The 70/30 switch

30% 70%

On-Premise Your Managing All of the
Infrastructure Business “Undifferentiated Heavy Lifting”

Cloud’s goal: flip this equation

30% 70%

On-Premise Your Managing All of the
Infrastructure Business “Undifferentiated Heavy Lifting”

Configuring
Cloud-Based More Time to Focus on
Your Cloud
Infrastructure Your Business
Assets

70% 30%

Companies have different motivations for leveraging cloud

Analytics & Time to Value Employee Risk &
Security Productivity Compliance
Operations support 9
major commands, Creates an Enable collaboration 34,000-employee
nearly 100 bases, & ecosystem for PayPal across 300K global bank deploying a
700,000 active military 3rd Party developers employees as well as its private cloud from
personnel around the network of customers, IBM to centralize
world. Design secure Reduces developer partners and suppliers. management of
cloud infrastructure for effort to deploy a work Saving 30 minutes per desktops via an
defense & intelligence environment with day or 120hr per year enterprise class data
networks; insights seamless PayPal Test per person. center rather than at
about cyber attacks, Sandbox access
the user stations,
network, system or IBM LotusLive has 18 Gets greater remote
application failures, million users in 99 flexibility without
while automatically countries sacrificing control to
preventing disruptions. improve efficiency.

Why Be a Cloud Provider?
Huge datacenters cost 5-7X less for computation, storage, and
Make a Lot of
networking. Fixed software & deployment amortized over many users.
Money
Large company can leverage economies of scale and make money.

Leverage Existing Web companies had to build software and datacenters anyway. Adding
Investments a new revenue stream at (hopefully) incremental cost.

What happens as conventional server and enterprise apps embrace
Defend a
cloud computing? Application vendors will want a cloud offering. For
Franchise
example, MSFT Azure should make cloud migration easy.

Attack an A large company (with software & datacenter) will want a beachhead
Incumbent before someone else dominates in the cloud provider space.

Leverage For example, IBM Global Services may offer a branded Cloud
Customer Computing offering. IBM and their Global Services customers would
Relationships preserve their existing relationship and trust.

Become a
Facebook offers plug-in apps. Google App-Engine…
Platform

Full Cloud Taxonomy
Level Of
Sharing

Public IaaS PaaS SaaS BPaaS PURE
Cloud CLOUD
@ Global MARKET
Provider

Virtual
Private Dynamic Integration- Dynamic Dynamic
Cloud Infrastructure as-a-Service Apps BPO
@
Dedicated
Services Services Services
Provider
EXTENDED
CLOUD
Infrastructure Middleware Apps BP MARKET
Private
Cloud
Virtualization Virtualization Virtualization Virtualization
@ In-house Tools Tools Tools Tools
Data Center

Infrastructure Middleware Applications Business Business
Processes Value

Terminology on XaaS: SaaS, PaaS, IaaS, CaaS and EaaS

• SaaS a.k.a Software As A Service (wikipedia):
o “software that is deployed over the internet and/or is deployed to run behind a
firewall on a local area network or personal computer. With SaaS, a provider
licenses an application to customers as a service on demand, through a
subscription or a "pay-as-you-go" model.”

• SaaS can be seen as the end user consumable service, and
what is usually meant by “cloud computing”.
• Microsoft classifies SaaS into four "maturity levels," whose key
attributes are configurability, multi-tenant efficiency, and
scalability.
• The SaaS model maturity is usually vendor specific.

IaaS: Infrastructure As • IaaS is scalable IT infrastructure readily attached to
A Service a suitable communication media (Internet in case
of “public cloud” or corporate network in case of
“private cloud”), controlled through appropriate
APIs, and is available to its users in form of an on-
demand service typically with “pay-per-use”
charging model
• IaaS is a provision model in which an organization
outsources the equipment used to support
operations, including storage, hardware, servers
and networking components. The service provider
owns the equipment and is responsible for housing,
running and maintaining it.
• The consuming entity does not manage or control
the underlying cloud infrastructure but has control
over operating systems, storage, deployed
applications, and possibly limited control of select
networking components (e.g., host firewalls).
• IaaS: Amazon EC, IBM computing on demand,
Rackspace

IaaS bases on scale

• IaaS customer promise is about CAPEX and OPEX avoidance, streamlined operations, lower TCO
and lower entry barrier:
o Margins as per offered resources are usually pretty thin
o Revenue is generated by scale and volume
o Scale requires capability to economically cater for low-traffic customers and subsequently scale up to
high volumes
o Business processes for infrastructure operations and management needs to streamlined and mature
o Capability to obtain and cater for scale requirements issues a relatively high entry barrier for a new
entrant in IaaS offering business due to needed investments.
• Usually (but not necessarily always), IaaS players do have existing business, of which IaaS is a by-
plot:
o CSPs, ecommerce, SaaS providers, data-center and hosting business.
o The target is to create revenue from existing under-utilized data center resources.
• Additionally, with the ever-tightening legislation, competition, technology requirements,
efficiency requirements etc., operating own data center requires more and more of specific
competences (e.g. design for energy efficiency, design for compliancy, ...)
o Capability development requires investments and takes focus out of the core business of the company.

PaaS: Platform as a Service
• PaaS: a capability provided to the user to
deploy onto the cloud infrastructure user-
created or acquired applications created using
programming languages and tools supported
by the provider.
• All cloud computing characteristic apply.
• Usually PaaS model includes an application
level framework, e.g. plug-ins for IDE
o Easier application development
o Implied lock-in with the provider
• Focus of PaaS is the developer and respective
ecosystem: Successful PaaS offerings have
tendency of attracting loyal,
open communities of developers.
• PaaS implies leverage of domain specific value,
e.g. business applications and force.com.
• Example: Google Apps, force.com, Facebook

PaaS: an outsourced application server platform?
• It appears that the PaaS providers offering holds similarities to what an
application server stands for
o Obviously, an application server platform is part of PaaS, despite the proprietary nature of
implementations.

• PaaS can be seen as a service, where as an application server (“platform”) is
a technology to implement that service.
• PaaS can be regarded as a application development ecosystem:
o Implementation approach can vary and is not the core consideration: JEE, .NET, LAMP,
Python, Ruby...
o Middleware and connectivity services, elasticity, multi-tenancy
o Collaborative and integrated supporting ecosystem for the applications that are deployed on
PaaS platforms and need to be offered as services to the customers/consumers.

• IaaS scales the infrastructure, whereas PaaS scales the application
development ecosystem.
• For PaaS a key consideration is the risk of lock-in.

CaaS and EaaS

• CaaS a.k.a Communications As A Service (zimbio.com)
o “Delivering telecommunications, instant messaging etc. as a service over
the Internet. Telephony as a service, also known as “Voice as a service”,
employs VOIP (Voice Over Internet Protocol). Software and hardware can
be provided as a service by providers.”
o CaaS is specialized SaaS.

• EaaS a.k.a Everything As A Services
o Another buzz-word, and to some extent even more marketing spin: SaaS,
PaaS and IaaS bundled together as multiple instances.

Framing for cloud computing delivery model
User interface layer
instances
Application

management
application
Partners’ Third party Third party

Shared
Customized
Applications standard standard customized
applications
applications applications applications

Application integration layer

SAAS
Platform abstraction layer
platform
Middleware

Platform O&M
Content Web Identity Dev. Protocol UI
BPMS etc.
services portal services tools stacks frame.

tools
High availability framework

PAAS
Application server containers and database management systems
Infrastructure
Computing

Operating system

management

IAAS
Computing and storage virtualization

System
tools
Physical computing and storage environment

Connectivity and access

The service models are separate: e.g. creating a SaaS offering
by no means requires bundling IaaS or PaaS with it.

Some Myth’s and perceptions
• Isn’t it all about hardware provisioning?
o Not Really – It is also about changing of Software Development Lifecycle
with scaling up , hardware provisioning and deployment all under the
control of developer written programs

• What about Security and Enterprise Adoption ?
o Two answers
• Private Clouds – Starting seeing the adoption of the cloud computing
paradigm come into the corporate data center. Big iron vendors are selling
Private Cloud Products and Hybrid Solutions.
• The Question: “Just as Banks became a safe place to keep your money away
from your safe-box in your grandfathers home , The Cloud will become the
default place to keep your data in the future.” – an analogy I prefer is home
security, you can outsource to ADT, but in the limit you still need to do some
of it yourself.

Some Myth’s and perceptions

• Isn’t this similar to Time Sharing?
o Yes to some extent.
o But it is not all about sharing of resources. It really boils down to cost savings
as a result of automation and changing the software development lifecycle

• How is it different from ASP?
o The ASP value-add was the typical value you get from an outsourcing
company. Leverage knowledge base, trained manpower and some shared
infrastructure to guarantee reliability of operations and potential cost savings
o Cloud Computing is taking the ASP concept to the next level with zero to little
amount of “People Services” and focus on the computing as a utility.

Public Clouds

• Public Clouds are good when
o Have low bandwidth and latency requirements
o Starting with test or development workloads
o Running collaboration applications
o Don’t have an upfront capital budget

Committing tightly to a
• Not so good when single provider without a
o You need strict performance SLAs proper plan B is a no-go.
o Uptime is critical – no control over recovery
o Privacy or security is a concern, i.e.
• 3rd party has your data, auditors complain
• Can you review vendor’s security procedures?
o Costs per CPU hour can be larger than that of in-house server deployments.

Internal Private Clouds
• Positives of internal private clouds • Negatives vs. public clouds
o Anticipated reduction of TCO o Requires up front capital
o Better hardware capacity expenditure due to IT investments
utilization in own CAPEX
o Elasticity o Not as useful for small and
• Easy self service provisioning medium businesses and
• More efficient system
management departmental solutions due to
o IT retains control of SLAs needed investments
• Data security and privacy
• High performance
• High availability • Negatives vs. dedicated hardware
o Capability to provide spot-on o Performance tax
chargeback reports as per need o Not capable for massive parallel
processing

Cost elements: SaaS versus traditional on-premises SW

• On-premises / in-house • SaaS
o License payments at acquisition o Configuration and systems
phase and recurring fees integration costs
o Customization and systems o Business process adaptation costs
integration costs
o Sign-up fees
o Implementation and deployment
o Recurring subscription fees
costs for roll-out
o Care and support fees
o Local IT and systems support
o Training costs (of a standard
arrangements, either own head-
application)
count or outsourced
o Training costs for end users o Internet connectivity costs
o Computing, storage, backup and o (undefined price tag for potential
network costs strategic transition costs)
o Support and maintenance costs

Cloud service provider space remains fragmented

Cloud
native
players
Amazon,
Salesforce;
Google

Telecom IT Service
providers Cloud providers
AT&T, BT,
FT, DT/ T-
based Accenture,
Systems, services Capgemini,
Wipro
Verizon

Large tech
vendors
Cisco, Dell
HP, IBM

Why CSPs have a strategic fit for cloud computing
• Shared infrastructure
• CSPs have long history of infrastructure, which is networked and
interoperable via well-defined interfaces.
• Managed and hosted IT and communications services
• For a longer time CSPs have relied on vendors’ managed services type of
professional services, which means that there is no inherent fear of
outsourcing operative responsibilities.
• Data centers
• Data centers operations have been for long time the core of CSP production
machines.
• Security, data integrity and trust
• These are the traditional key characteristics of telco business.
• Managed network services and end-to-end SLAs.
• CSPs are familiar with end-to-end SLA thinking and KPI based operations.
• Communications as a service
• Communications and connectivity is the bread and butter of CSPs.
• SME customer base
• The customer base of CSPs does cover SME, which means that they are
familiar with the problems and issue within the segment.

What is Cloud Computing For Telcos
New
consumer-
centric Cloud
Services

Delivery
Cloud
Strength of
trusted
Computing Infra-
structure
services
e.g. Billing
Engagement Network-
Centric
for Telcos
Where Is The Cloud Opportunity For
Mass Telcos?
Adoption
Consumer
Reach CONSUMER vs ENTERPRISE

Telco’s Enterprise – Consumer Pendulum
Consumer Enterprise
• 65’s:
Mainframes in Data Centers
75’s: • Enterprise drives Tech Awareness
ISDN Telephony
1st Gen. Remote Home Workers
• 80’s:
PC on corporate desktop
90’s: • IT education of working
Multimedia PCs, Cell Phones generation
Digital Kids, Consumerization IT • 2005’s:
Cloud Computing/SaaS
2010’s: • Tech. Populism, Pay/Use, Web 2.0
Managed Devices, Media
Convergence • 2015’s:
Managed Desktops, X-Internet Enterprise 3.0
Collaborative Business Models
Cloud federated master data and
Innovators distributed business transactions
 Converged Personas 
Mass Adoptors
Consumer  Specific Personas  Enterprise

Security is the Major Issue

60

Security Trend – Virtual Firewalls and Additional
Procedures Part 1
• Virtualization is essentially adding an operating system.
– So there are now two operating systems to monitor and patch, instead of one. This
increases the chances of patches not being up to date creating security risks
– Procedures within the data centers running cloud services must be stricter then regular
data center procedures
• Traditional intrusion detection doesn’t work on virtual servers.
– Intrusion detection (and intrusion prevention) monitors network traffic (between physical
servers) and raises a red flag if there’s a traffic spike or type of traffic not explained by
legitimate operations.
– But there’s no way to monitor traffic between virtual servers on one physical host, -
emergence of virtual firewalls
• Malware can spread among virtual servers.
– Traditional intrusion detection is blind to activity between virtual servers, it’s easy for a
virus or other malignant software to spread from one virtual server to another.
– And beyond -- because virtualization is often used in conjunction with clustering that
moves data and applications among two or more physical servers, to provide load-
balancing and “failover” in case one server in the cluster encounters a problem.
– A network monitoring system can not analyze this threat. Emergence of virtual firewalls
that protect virtual servers.
– VMWare and Citrix have created Hypervisor based solutions that work with existing
security vendor solutions
• Confidential data can be compromised because there’s no way to monitor traffic flow
between virtual servers sharing the same physical server,
– There’s no way to tell whether confidential or legally protected data (such as medical
records or credit card numbers) have been compromised.
– Today this is managed by segregating data on a separate physical sever – and generally not
allowed outside of the internal corporate cloud.

Security Trend – Virtual Firewalls and Additional
Procedures Part 2
• Malware is now virtual-aware.
– “Virtual-aware” viruses can tell when they’re running in a virtual
environment. Though they’ve mostly used this knowledge to hide so far, they
could easily be adjusted to attack virtual servers’ vulnerabilities instead.
– According to research by the antivirus company ESET, more than 200,000
virtual-aware malwares were at large in November 2008.
• Other methods of security management include structuring the resource
pools to match network segments, and force traffic among pools to pass
through the existing network security infrastructure.
– Generally use virtual LANs to achieve this, which results in lower resource
utilization and less flexibility in matching workloads to resources.
• VM Ware publishes security guidelines
– Limiting VM functionality to only those capabilities required by the
application
– General access controls to virtual console and management functions
– Quite complex and generally push operators towards partnering with an
established IT integrator in the virtualization space, e.g. HP or IBM
• A Cloud Service is only as strong as its weakest link
– Must ensure all VMs implement extra protections – recent Gartner surveys
show less than 20% of enterprise implementations include additional
protections for security in virtualization implementations

Security Standards: SAS 70

• SAS 70 is the most commonly adopted security standard among
cloud service providers.
• Roughly 67 percent of cloud service providers follow SAS 70
(Statement on Auditing Standards No. 70), which is an
internationally recognized auditing standard developed by the
American Institute of Certified Public Accountants (AICPA) that
defines the standards an auditor must employ in order to assess the
contracted internal controls of a service organization like a hosted
data center, insurance claims processor or credit processing
company, or a company that provides outsourcing services that can
affect the operation of the contracting enterprise.

Security Standards: PCI DSS & SOX

• PCI DSS
o About 42 percent of cloud service providers follow the PCI DSS (Payment Card Industry Data Security
Standard) standard, a global security standard that applies to all organizations that hold, process or
exchange credit card or credit card holder information.
o The standard was created to give the payment card industry increased controls around data and to
ensure it is not exposed. It is also designed to ensure that consumers are not exposed to potential
financial or identity fraud and theft when using a credit card.
• Sarbanes-Oxley
o Sarbanes-Oxley (SOX) is a security standard that defines specific mandates and requirements for
financial reporting. SOX spanned from legislation in response to major financial scandals and is
designed to protect shareholders and the public from account errors and fraudulent practices.
o Administered by the SEC, SOX dictates what records are to be stored and for how long. It affects IT
departments that store electronic records by stating that all business records, which include e-mails
and other electronic records, are to be saved for no less than five years. Failure to comply can result in
fines and/or imprisonment.
o About 33 percent of cloud service providers follow SOX.

Security Standards: ISO 27001 and Safe Habor

• ISO 27001
o About 33 percent of cloud service providers adhere to ISO 27001, a standard published in 2005 that is
the specification for an Information Security Management System (ISMS).
o The objective of ISO 27001 is to provide a model for establishing, implementing, operating,
monitoring, reviewing, maintaining and improving ISMS, which is a framework of policies and
procedures that includes all legal, physical and technical controls involved in an organization's
information risk management processes.
• Safe Harbor
o About one-fourth of cloud service providers adhere to Safe Harbor principles, a process for
organizations in the U.S. and European Union that store customer data.
o Safe Harbor was designed to prevent accidental information disclosure or loss. Companies are certified
under Safe Harbor by following seven guidelines: Notice, through which individuals must be informed
that their data is being collected and how it will be used; choice, that individuals have the ability to opt
out of data collection and transfer data to third parties; onward transfer, or transfer data to third parts
that can only occur to organizations that follow adequate data protection principles; security, or
reasonable efforts to prevent loss of collected data; data integrity, that relevant data is collected and
that the data is reliable for the purpose for which it was collected; access, which gives individuals
access to information about themselves and that they can correct and delete it if it is inaccurate; and
enforcement, which requires the rules are enforced.

Security Standards: NIST and HIPAA

• NIST
o National Institute of Standards and Technology (NIST) standards, originally designed for
federal agencies, emphasize the importance of security controls and how to implement them.
The NIST standards started out being aimed specifically at the government, but have recently
been adopted by the private sector as well.
o NIST covers what should be included in an IT security policy and what can be done to boost
security, how to manage a secure environment, and applying a risk management framework.
The goal is to make systems more secure. About 25 percent of cloud service providers adhere to
NIST standards.
• HIPAA
o The U.S. Health Insurance Portability and Accountability Act (HIPAA) is followed by roughly
16 percent of cloud service providers.
o The HIPAA standard seeks to standardize the handling, security and confidentiality of health-
care-related data. It mandates standard practices for patient health, administrative and
financial data to ensure security, confidentiality and data integrity for patent information.

Security Standards: FISMA and COBIT

• FISMA
o FISMA, or the Federal Information Security Management Act, was passed in 2002 and created
process for federal agencies to certify and accredit the security of information management
systems.
o FISMA certification and accreditation indicate that a federal agency has approved particular
solutions for use within its security requirements. In its research. About 16 percent of cloud
service providers have obtained FISMA certifications.
• COBIT
o Control Objectives for Information Related Technology is an international standard that
defines the requirements for the security and control of sensitive data. It also provides a
reference framework.
o COBIT is a set of best practices for controlling and security sensitive data that measures
security program effectiveness and benchmarks for auditing. The open standard comprises an
executive summary, management guidelines, a framework, control objectives, an
implementation toolset and audit guidelines. About 8 percent of cloud service providers follow
the COBIT security standard.

Security Standards: Data Protection Directive

• The Data Protection Directive is a directive adopted by the European
Union that was designed to protect the privacy of all personal data
collected for or about EU citizens, especially as it relates to
processing, using or exchanging that data.
• Similar to Safe Harbor in the U.S., Data Protection Directive makes
recommendations based on seven principles: Notice, purpose,
consent, security, disclosure, access and accountability. About 8
percent of cloud service providers adhere to the Data Protection
Directive.

In Some Ways, "Cloud Computing Security"
Is No Different Than "Regular Security"
• For example, many applications interface with end users via the web. All the
normal OWASP (Open Web Application Security Project) web security
vulnerabilities
-- things like SQL injection, cross site scripting, cross site request forgeries,
etc., -- all of those vulnerabilities are just as relevant to applications running
on the cloud as they are to applications running on conventional hosting.

• Similarly, consider physical security. A data center full of servers supporting
cloud computing is internally and externally indistinguishable from a data
center full of "regular" servers. In each case, it will be important for the data
center to be physically secure against unauthorized access or potential natural
disasters, but there are no special new physical security requirements which
suddenly appear simply because one of those facilities is supporting cloud
computing

Maintenance Induced Cascading Failures

It's Not Just The Network: Storage Is Key, Too

See http://www.engadget.com/2009/10/10/t-mobile-we-probably-lost-all-your-sidekick-data/

However, see also: Microsoft Confirms Data Recovery for Sidekick Users
http://www.microsoft.com/Presspass/press/2009/oct09/10-15sidekick.mspx
73

And Let's Not Forget About Power Issues

74

Implementing in Your
Organization
Project Plan

Today’s IT infrastructure is under tremendous pressure and is
finding it difficult to keep up…
It will reach a breaking point

In distributed computing Percentage of executives who report
environments, up to 85 percent a security breach and aren’t confident
of computing capacity sits idle they can prevent future breaches

70 percent is spent on Percentage of CIOs who want
maintaining current IT to improve the way they use
infrastructures versus adding and manage their data
new capabilities

76

Create a roadmap for cloud as part of the existing IT
optimization strategy

Standardize
and automate
 Standardize services
Virtualize  Reduce deployment
cycles
 Remove physical  Enable scalability
resource boundaries  Flexible delivery
Consolidate  Increase hardware
 Reduce infrastructure utilization
complexity  Reduce hardware
 Reduce staffing costs
requirements  Simplify deployments
 Manage fewer things
better
 Lower operational costs

Adoption of cloud computing will be workload driven
• Workload characteristics determine standardization

Test for Standardization Examine for Risk Explore New Workloads
 Web infrastructure  Database  High volume, low cost
applications  Transaction processing analytics
 Collaborative infrastructure  ERP workloads  Collaborative Business
 Development and test Networks
 Highly regulated workloads
 High Performance  Industry scale “smart”
Computing ... applications
... ...

Workloads ready for cloud computing
• Analytics • Desktop and devices
– Data mining, text mining or – Desktop
other analytics – Service/help desk
– Data warehouses or data marts • Development and test
– Transactional databases – Development environment
• Business services – Test environment
– Customer relationship • Infrastructure
management – Application servers
(CRM) or sales force automation – Application streaming
– E-mail – Business continuity/
– Enterprise resource planning disaster recovery
(ERP) applications – Data archiving
– Industry-specific applications – Data backup
• Collaboration – Data center network capacity
– Audio/video/Web conferencing – Security
– Unified communications – Servers
– VoIP infrastructure – Storage
– Training infrastructure
– Wide area network (WAN)
capacity

Source: IBM Market Insights, Cloud Computing Research, July 2009.

Public and Private Clouds are preferred for different workloads

Top private workloads Top public workloads

 Data mining, text mining, or other analytics  Audio/video/Web conferencing
 Security  Service help desk
 Data warehouses or data marts  Infrastructure for training and
 Business continuity and disaster recovery demonstration
 Test environment infrastructure  WAN capacity, VOIP Infrastructure
 Long-term data archiving/preservation  Desktop
 Transactional databases  Test environment infrastructure
 Industry-specific applications  Storage
 ERP applications  Data center network capacity
 Server

Database- and application-oriented Infrastructure workloads
workloads emerge as most appropriate emerge as most appropriate

Source: IBM Market Insights, Cloud Computing Research, July 2009. n=1,090

There is a spectrum of deployment options for cloud computing
Third-party Third-party hosted
operated and operated

Enterprise Enterprise Enterprise
Enterprise Enterprise Users
A B
data center data center A B

Private cloud Managed Hosted private Shared cloud Public cloud
private cloud cloud services services

Private Hybrid Public
IT capabilities are Internal and IT activities /
provided “as a service,” external service functions are
over an intranet, within delivery provided “as a
the enterprise and methods are service,” over the
behind the firewall integrated Internet

There is a spectrum of deployment options for cloud computing
Third-party Third-party hosted
operated and operated

Enterprise Enterprise Enterprise
Enterprise Enterprise Users
A B
data center data center A B

Private cloud Managed Hosted private Shared cloud Public cloud
private cloud cloud services services

 Private  Third-party  Third-party  Mix of shared  Shared
 Implemented operated owned and and dedicated resources
on client  Enterprise operated resources  Elastic scaling
premises owned  Standardization  Shared facility  Pay as you go
 Client runs/  Mission critical  Centralization and staff
 Public Internet
manages  Packaged  Security  Virtual private
applications  Internal network (VPN)
access
 High network
compliancy  Subscription or
 Internal network membership
based

Security is among a top concern with cloud computing...
Security Framework provides a structure to address this concern
Application and process
People and identity Help keep applications secure,
Mitigate the risks protected from malicious or
associated with user fraudulent use, and hardened
access to corporate against failure
resources Network, server and end point
Optimize service availability by
Data and information mitigating risks to network
Understand, deploy and components
properly test controls for
access to and usage of Physical infrastructure
sensitive data Provide actionable intelligence on the
desired state of physical infrastructure
security and make improvements

Professional Managed services Hardware and
services software

Movement from Traditional Environments to Cloud Can be
in One Step or an Evolution
Clients will make workload-driven
trade offs among functions such as
security, degree of customization,
control and economics

Businesses that implement cloud computing are seeing
significant results

Reduced IT labor cost by 50
percent in configuration,
operations, management and
monitoring
Improved capital utilization by
75 percent, significantly
reducing license costs
Reduced provisioning cycle
times from weeks to minutes
Improved quality, eliminating
30 percent of software defects
Reduced end user IT support
costs by up to 40 percent
Simplified security
management

But it does make sense for some functions within some organizations….

The NIST Cloud Definition Framework
Hybrid Clouds
Deployment
Models Private Community
Public Cloud
Cloud Cloud

Service Software as a Platform as a Infrastructure as a
Models Service (SaaS) Service (PaaS) Service (IaaS)

On Demand Self-Service
Essential
Broad Network Access Rapid Elasticity
Characteristics
Resource Pooling Measured Service

Massive Scale Resilient Computing

Common Homogeneity Geographic Distribution
Characteristics Virtualization Service Orientation
Low Cost Software Advanced Security
89

IBM Cloud Business Model
ROI Analysis Impact:
Reduction of Total Cost of Ownership of
Data Center Infrastructure
New
100% Development Liberated Reduced Capital Expenditure
funding for - Improved utilization reduces requirement for
Software new new capital purchases
Costs development, Strategic
transformatio Change Reduced Operations Expenditure
n investment Capacity - Lower facilities, maintenance, energy, IT
Power or direct service delivery and labor costs
Costs
saving
Additional Benefits
Deployment (1- - Reduced risk, less idle time, more efficient
Curren time) use of energy, acceleration of innovation
t IT Labor Costs
projects, enhanced customer service
Spend (Operations Software
and Costs
Maintenance)
Business Case Results
Power Costs Hardware,
labor &
Annual savings: $3.3M (84%)
(88.8%)
power from $3.9M to $0.6M
Hardware Labor Costs savings
Costs ( - 80.7%) reduced
Payback Period: 73 days
(annualized) annual cost
Hardware Costs of operation Net Present Value (NPV): $7.5M
( - 88.7%) by 83.8% Internal Rate of Return (IRR): 496%
Note: 3-Year Depreciation Period with 10% Discount Return On Investment (ROI): 1039%
Rate

CSPs and cloud computing
• The large CSPs have long history in running large scale data-centers and
respective operations.
• Hence, it is natural for CSPs to offer services via cloud paradigm, and
enter into the domain of providing enterprise grade cloud computing
services.
o From history perspective the focus has been in IaaS.
o This will most probably continue, since the infrastructure services continue to be a lucrative
necessity.
• Analyst (e.g. Ovum) reports indicate that SaaS/CaaS roadmaps are
evolving within major telco CSPs.
o This is logical growth path, as cloud computing model leverages the telco core competences.
o CSPs already have strong foothold on connectivity, which is essential for XaaS.
o Trend seems to be that IaaS remains the core focus, and SaaS is developed in an opportunistic
way, i.e. develop a solution to a problem, and see whether it could be reapplied for a general
business case according to SaaS.
• Most often CaaS appears to represent communication as a service or
collaboration as a service or unified communications as a services.

Enterprise Cloud Computing

Consumption, EA & DCA Portfolio of
Planning, Standards &
Improvements Policies Virtualized
System Lifecycles APPLICATION Private Clouds
Hyperlinked Models RESOURCES
IT OPS MGT APP ARCH
& Metadata
Improved End-to-End Policies
Service Delivery OPS Policy-Based
IT Design with
with Control
Flexibility  Dynamic Availability Public Clouds
 Efficient Consumption

Metering Servers Application
& Billing Storage VMs

IT-CONTROLLED CLOUD COMPUTING
• Accelerate application delivery
• Improve IT service management
• Business obtains flexibility while IT maintains control

Treat Cloud just like any IT project: focus, don't believe the hype, and take it step by step

Mind the SLA Gap!

Data Center SLA

MPLS SLA

Conclusions
Business
Applications Mobile CRM

Analytics Data
Center
VPN
Email
Infrastructure Desktop
Software

Its what your mother told you, “Don’t put all your eggs in one basket”

Cloud Computing 101 Issue 1 (Sample)

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (19)

En vedette

En vedette (7)

Similaire à Cloud Computing 101 Issue 1 (Sample)

Similaire à Cloud Computing 101 Issue 1 (Sample) (20)

Plus de Alan Quayle

Plus de Alan Quayle (20)

Dernier

Dernier (20)

Cloud Computing 101 Issue 1 (Sample)