What the hell is Cloud Computing?
Cloud computing is not only the future of computing, it is the present and the entire past of computing…My objection is its absurdity–it’s nonsense … It’s not water vapor. It’s a computer attached to a network!
~ Larry Ellison, Oracle CEO
Definition(s) of Cloud Computing
…a style of computing where scalable and elastic IT capabilities are delivered as a service to consumers using Internet technologies.
~ Gartner: Key Issues in Cloud Computing
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
~ The NIST Definition of Cloud Computing, Version 15
Why Larry Ellison Hates Cloud Computing
What’s new with Cloud Computing?
Larry makes some good points about the components of cloud computing having been around for decades. So is there anything new?
First, let’s recognize the convergence of IT trends and enabling technologies that set the stage for rise of the cloud.
1998 – 2008: Convergence
- Network and Data Center Buildout
- Ubiquitous Broadband
- Mobile Access (Wi-Fi, 3G, Air Cards)
- Mobile Devices (BlackBerry, iPhone, SmartPhone, Netbooks)
- Blade Servers
The chart below shows interest in cloud computing over time as measured by Google searches. Starting from zero, a blip of interest first surfaces in 2007, the climb begins in 2008, and peaks in March 2010. As Gartner would say, our current hype cycle position is at the peak of inflated expectations.
So what’s responsible for the dramatic rise in interest over the past two years? I believe there are three main drivers; lower costs, market offerings, and marketing hype.
2009 – 2010: Tipping Point
- Lower Costs (for everything: hardware, software, storage, memory, bandwidth, etc.)
- Market Offerings and Opportunities
- Microsoft Online, Google Enterprise Apps
- Microsoft Azure, Amazon EC2 (Elastic Compute Cloud) & AWS (Amazon Web Services), Google App Engine
3. Marketing Hype!
While marketing hype has certainly played a role, there are also some new service offerings and opportunities that have been enabled by declining costs and economies of scale made possible through virtualization technologies. The existence of these offerings, and the shift in their pricing from competitive to compelling, represent what’s new.
For example, when we evaluated our email options in 2007, we could let it remain on-premise or turn it over to an outsourcing vendor who would host it on dedicated hardware. For almost twice as much as it cost to run internally.
Two years later, we did the same evaluation after Microsoft announced their Exchange Online offering. By this time, dedicated outsourcing was marginally less expensive than running on premise, while Exchange Online from Microsoft cost less than half as much. Then Microsoft lost 30,000 email seats for the city of Los Angeles to Google, and they cut their price in half (to $5 per month) while increasing storage five-fold (to 25 GB).
The relative cost of outsourced email had dropped from 191% of the on premise cost in 2007 to 20% in 2009: nearly an order of magnitude decrease in cost.
Relative Cost of Outsourced Email vs. On Premise: 2007 -2009
What Makes it “Cloudy”?
Besides the price, what is it about Exchange Online in 2009 that makes it different from the 2007 Outsourced Exchange offering?
Going back to the NIST definition, Exchange Online is provided from a shared pool of resources. There is no additional capital investment required to add our company to the pool. You can add or remove users through an online administration console, and your monthly bill will reflect the number of active users. All data will replicated to a second site, and there won’t be any charges to upgrade.
In contrast, the outsourced offering does require a capital investment by the service provider, and that cost is reflected in the bill, even if the invoice lists only per seat charges. To add or remove a user, you may need to submit a ticket to the service provider, and wait until they confirm the task is complete.
If you make an acquisition and the size and number of mailboxes exceeds the initial capacity, additional time and expense may be required to accommodate the new users. Depending on the agreement, backups and upgrades may incur additional costs, and the SLAs may not be able to match those of the online offering.
Of course it’s not all one-sided; there are some advantages to dedicated hosting, especially when it comes to customization. In any case, there are enough differences between what came before (hosted email) and the new offerings (cloud-based email) that most people will agree that there is something new, even if they debate over what to label it.
What about the private cloud?
Even the cloud crowd can’t agree on this one. Without being too cynical, it’s easy to see why some companies (or even divisions or individuals within a single company) might have differing opinions.
Cloud Service Providers – There is no such thing as a private cloud. It’s only a cloud service if you buy it from us!
Hardware / Software Vendors – Of course there can be private clouds, just like there are private intranets and a public internet. And we can sell you a cloud operating system and some cloud hardware to build your own!
Larry Ellison – What Cloud? It’s a computer attached to a network!
Some vendors play on both sides, giving them an incentive to be more flexible with their definitions. And their actual statements (with one exception) are a bit more nuanced. In “Cloud Computing – the next evolution or another dot.com?” Balakrishna Narasimhan attempts to translate vendor statements from marketing to meaning.
||What they say
||What they really mean
||“Private” clouds offer many of the same benefits as “public” clouds but are managed within the organization. These types of clouds are not burdened by network bandwidth and availability issues or potential security exposures that may be associated with public clouds. Private clouds can offer the provider and user greater control, security and resilience.
||Cloud computing is a better datacenter
||Cloud research is focused on delivering an application and computing end-state of Everything-as-a-Service: billions of users, accessing millions of services, through thousands of service providers, over millions of servers, processing exabytes of data, delivered through terabytes of network traffic.
||Cloud computing means more hardware and networking
||“We’ve redefined ‘cloud computing’ to include everything we currently do. So it has already achieved dominance in the industry. I can’t think of anything that isn’t cloud computing.”
||Cloud computing is nothing new
||“the integration of on-site and off-site software on the vendor’s “loosely coupled, asynchronous” SOA platform”
||Cloud computing is a better Enterprise SOA
||“The future is a combination of local software and Internet services interacting with one another. Software makes services better and services make software better. And by bringing together the best of both worlds, we maximize choice, flexibility and capabilities for our customers. We describe this evolutionary path in our industry as Software + Services.”
||Cloud computing is desktop software, enhanced with internet-delivered data and access
||“It starts with the premise that the data services and architecture should be on servers. We call it cloud computing – they should be in a ‘cloud’ somewhere. And that if you have the right kind of browser or the right kind of access, it doesn’t matter whether you have a PC or a Mac or a mobile phone or a BlackBerry or what have you – or new devices still to be developed – you can get access to the cloud”
||Cloud computing is internet-enabled apps on a massively scaleable platform
||“Cloud computing offers almost unlimited computing power and collaboration at a massive scale. With Force.com Platform-as-Service, we are providing the necessary building blocks to make cloud computing real for the enterprise.”
||Cloud computing is SaaS + PaaS
||“cloud computing is that you can have all the resources that you want, could be storage, compute, networking, with an infinite amount of capacity, available to you to use on the internet, the only thing you need to use it is a credit card”
||Cloud computing is raw computing power, storage and networking as a service
With the tagline “Accelerating Enterprise Adoption of the Cloud”, Appirio also has some enlightened self-interest at stake in these definitions. From the same article, what they say:
Here at Appirio, we are dedicated to helping companies do more with cloud computing. That’s why we partner with companies like Salesforce, Google, Amazon, and Facebook, who are truly delivering on the promise of cloud computing. We help our clients steer clear of near-cloud concepts like “private cloud” and “software + service” because we believe they mitigate or eliminate many of the benefits of cloud computing.
What they mean: “Buy what we (re-)sell — the other stuff’s no good.”
I think focusing on the benefits is the right approach, but again, it’s not all one-sided. Many of the benefits claimed for cloud computing can be realized internally by using server virtualization, shared storage, and off-site replication. Not everything belongs in the public cloud, and in some cases an internal (or “private”) approach may be the best solution.
Whether the internal approach qualifies as “cloud computing” or not is another subject for debate. Dave Giroud, President of Google Enterprise, is not a believer in the private cloud. At the Google Atmosphere conference last month, he said the cloud computing term had been co-opted by non-cloud vendors. His litmus test: someone else incurs a lot of CAPEX (capital expenditures) so you can spend a little OPEX (operating expenditures). Otherwise, it’s not cloud computing.
A Few Words from the Believers
If you really want to believe, there are numerous evangelists with their own private cloud texts to follow. We will look at three: NIST, Gartner, and VMware.
What NIST Believes
The NIST cloud model is composed of five essential characteristics, three service models, and four deployment models.
• On-demand self-service
• Broad Network Access
• Resource Pooling
• Rapid Elasticity
• Measured Service
3 Service Models
• Software as a Service
• Platform as a Service
• Infrastructure as a Service
4 Deployment Models
• Private Cloud
• Community Cloud
• Public Cloud
• Hybrid Cloud
As NIST defines the private cloud: “The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise.”
Allowing the infrastructure to exist on premise and be managed by the organization seems to contradict or negate some of the benefits and essential characteristics of cloud computing. Except for the largest and most diversified of companies, supporting multi-tenant models and the appearance of “unlimited provisioning capabilities” will pose some challenges.
Even if those challenges are met, it is difficult to discern meaningful differences between the on-premise, company-managed version of a private cloud and an internal data center using virtualization, off-site replication, self-service, and chargeback technologies. Is that all it is?
What Gartner Believes
Gartner proposes that to be called a cloud service, a solution must adhere to “some combination” of these attributes:
• Scalable and Elastic
• Metered by Use
• Uses Internet Technologies
Allowing “some combination” of these attributes provides a lot of wiggle room. They then note two characteristics that distinguish private cloud computing:
• Limited Membership (that is, exclusive membership): A private cloud
implementation has a bounded membership that is exclusive
• Spectrum of Control/Ownership: A private cloud service is different from a public
cloud service in that private cloud services are implemented for an exclusive set of
consumers. There is a spectrum from fully private services to fully public services that
blurs distinctions of ownership or control.
Gartner defines private cloud computing as “a style of computing where scalable and elastic IT-enabled capabilities are delivered as a service to internal customers using Internet technologies.”
This is very similar to their general definition of cloud computing that appears in the first section of this article: “consumers” has been replaced by “internal customers”. We should note at least two changes to Gartner’s general definition over time: 1) “consumers” was originally “external customers”; and 2) “scalable and elastic” originally appeared as “massively scalable”. The changes seem primarily designed to allow for the construct of a private cloud.
What VMware Believes
VMware distinguishes between Internal Clouds (on premise) and Private Clouds: “Cloud infrastructure can reside within the company’s datacenters (as internal clouds or on-premise solutions) or externally on the Internet (via external clouds or off-premise solutions). It encompasses any, per-unit-accountable, subscription-based or pay-per-use service that extends IT’s existing capabilities.”
They also specify three use cases that map pretty closely to the 3 NIST Service Models. (The NIST models are in parentheses following the VMware cloud types.)
- Application and Information Clouds (Cloud Software as a Service) – e.g., Salesforce.com, Google Apps.
- Development Clouds (Cloud Platform as a Service) – e.g., Amazon EC2, Google App Engine
- Infrastructure Clouds (Cloud Infrastructure as a Service) – e.g., Amazon Web Services, Hosting.com
VMware views the Private Cloud as an off-premise extension of an internal cloud.
VMware identifies Eight Key Ingredients for Building an Internal Cloud
- Shared Infrastructure
- Self-Service Automated Portal
- Rich Application Container
- Programmatic Control
- 100% Virtual Hardware Abstraction
- Strong Multi-Tenancy
Not surprisingly, VMware sells these ingredients wrapped within and around what they call “The World’s first Cloud Operating System” (vSphere 4).
What I Believe
There is an important set of benefits commonly ascribed to cloud computing that are a natural result of implementing the computing model described by NIST. Some of the solutions brought to market in past two or three years deliver many of these benefits and can be substantially differentiated from their predecessors.
Cloud Computing Benefits
- Cost containment—The cloud offers enterprises the option of scalability without the serious financial commitments required for infrastructure purchase and maintenance.
- Immediacy—Many early adopters of cloud computing have cited the ability to provision and utilize a service in a single day.
- Availability—Cloud providers have the infrastructure and bandwidth to accommodate business requirements for high speed access, storage and applications. As these providers often have redundant paths, the opportunity for load balancing exists to ensure that systems are not overloaded and services delayed.
- Scalability—With unconstrained capacity, cloud services offer increased flexibility and scalability for evolving IT needs.
- Efficiency—Reallocating information management operational activities to the cloud offers businesses a unique opportunity to focus efforts on innovation and research and development.
- Resiliency – Cloud providers have mirrored solutions that can be utilized in a disaster scenario as well as for load-balancing traffic.
~ ISACA: “Cloud Computing: Business Benefits with Security, Governance, and Assurance Perspective”
It is very difficult to see how an infrastructure that is on-premise and operated by the organization’s own IT department could deliver on most of these benefits. Some would be impossible to achieve through an “internal cloud”, and others could be realized only at extraordinary cost. In which case, why do it?
It is also important to recognize risks that are unique to cloud computing. Gartner identifies seven issues customers should raise with prospective cloud service vendors.
Cloud Computing Risks
- Privileged user access. Sensitive data processed outside the enterprise brings with it an inherent level of risk, because outsourced services bypass the “physical, logical and personnel controls” IT shops exert over in-house programs.
- Regulatory compliance. Customers are ultimately responsible for the security and integrity of their own data, even when it is held by a service provider.
- Data location. When you use the cloud, you probably won’t know exactly where your data is hosted. In fact, you might not even know what country it will be stored in.
- Data segregation. Data in the cloud is typically in a shared environment alongside data from other customers.
- Recovery. Even if you don’t know where your data is, a cloud provider should tell you what will happen to your data and service in case of a disaster.
- Investigative support. Investigating inappropriate or illegal activity may be impossible in cloud computing.
- Long-term [vendor] viability.
~ InfoWorld: “Gartner: Seven cloud-computing security risks”
Considering cloud computing from a risk perspective, it does seem that a private cloud could mitigate many of these risks. For example, take a look at Amazon’s Virtual Private Cloud offering. The same holds true for a community cloud such as the Government Clouds that Amazon, Google and Microsoft are racing to build.
The benefits may be diluted, but as long as the infrastructure is built on a third-party platform and the management and operations responsibilities are segregated appropriately, benefits can still be had. The task would be to properly balance the benefits with the risk management needs of an organization.
If we reject the construct of an internal cloud but accept the notion of a private cloud, we also make room for the hybrid cloud. This would be where the private or community cloud interfaces with the public cloud.
So a risk/benefit approach to defining cloud computing allows for some flavor of all four NIST deployment models. What it doesn’t support is a private cloud of the “internal cloud” variety — one that is owned and operated on-premise by a single organization.
While that may be satisfying from a semantic perspective, it is not all that helpful in the real world. The marketing genie is out of the bottle, and no number of YouTube rants will put her back in. This holds for cloud deniers of all stripes.
“Cloud is a euphemism for an abstraction.”
~ Gartner Cloud Computing Workshop
So instead of fighting over definitions, it makes more sense to keep the conversation focused on benefits and risks. When a vendor raises the cloud banner, ask which of the benefits will be realized and to what extent.
For example, how “elastic” is the pricing? If your need for a service drops to zero tomorrow or next month, will the billing stop? Or do they require a multi-year contract with minimum annual commitments?
And how will they mitigate the risks? To make an informed decision, you need to go in knowing what benefits you’re after, and which risks are most important for you to avoid.
Many current vendor offerings are in beta or limited beta, so there are likely risks that have yet to surface. This meta-risk (the risk of not knowing what the true risks are) should be part of the equation, especially for mission-critical applications.
It really doesn’t matter if a proposed solution meets the requirements of evolving and conflicting definitions of the cloud, but it helps to be knowledgeable about the debate. That way you can clear away some of the smoke and focus on what does matter: does it deliver the desired business benefits, at a fair price, with acceptable risk.