First thoughts about vCloud

With VMworld taking place this week, there’s been a lot of talk about VMware’s success in getting various companies to announce VMware-based cloud offerings. So I thought it was time to take another look at the vCloud API, which VMware has submitted to DMTF for consideration as a standard. My assessment: nice clean use of REST, including the use of Tasks for asynchronous operations; some welcome extensions to the OVF spec; but a long way short of what’s needed for a real multi-tenant Infrastructure-as-a-Service solution. Among the obvious gaps:

  • There’s no way of describing instance isolation/affinity (as in EC2’s “availability zone” scheme). This is a show-stopper for me.
  • There are significant gaps and problems with the whole org/users/authentication/authorization scheme. “Roles” and “Rights” are mentioned, but are not elaborated in the Programming Guide or the XSD files. In a multi-tenant system, I certainly don’t want users to be able to enumerate all of the Organizations living in my cloud. (And what kind of authorization is needed for that operation, anyway?)
  • The language of the specification is regrettably VMware-centric. Various concepts are defined implicitly in terms of VMware mechanisms, which is unacceptable for an open standard.
  • At a first glance, I can’t see how to achieve the kind of resource abstraction that I find attractive in EC2. I’d like to be able to create and share a vApp (AMI) without the user knowing (or caring) whether it used an LsiLogic SCSI controller or was running Windows Server.
  • Speaking of which, sharing is good. There needs to be some way of coupling vAppTemplates to a sharing or pay-for-use scheme.

This is certainly a reasonable starting point for an eventual DMTF standard – it’s significantly cleaner and more regular than some of the other candidates – but there’s a lot of work needed. (Did VMware really expect it to be accepted as-is?) I’m rather surprised at how limited it is in many respects; I’d expect them to have learned more from the defects of the Amazon API system.

UPDATE: Of course there are plenty of alternatives out there. Eucalyptus has its Amazon clone, Rackspace just open-sourced their APIs, and then there’s GoGrid and others. There’s even a “meta-API” coming from Cloudkick.

Getting to the heart of cloud security

One of the curses of our jargon-filled era is the tendency to use simple words with subtle semantics as though no definition or explanation is needed. One of the words most frequently abused in this way is “secure”. In a provocative blog piece entitled “Encrypted Storage and Key Management for the cloud”, my colleague Jim Hughes takes the OVF committee to task for claiming to have described “an open, secure, portable, efficient and extensible format for the packaging and distribution of software to be run in virtual machines” without ever defining what they mean by “secure”. And then he proposes one possible approach, or perhaps a challenge:

What does it mean to have secure storage in the cloud:

  1. Only I can boot my virtual machine,
  2. Unauthorized tampering of my virtual machine will be detected,
  3. My data is accessed solely by my virtual machine, and
  4. The system should not require me to enter a key or passphrase.

These seemingly simple goals are surprisingly elusive.

Building a team

Several friends have asked me exactly what I’m up to, and the simplest way I know to explain is to post the following job description for the team I’m putting together:

One of the hottest topics right now is “Cloud computing”: the transformation of IT infrastructure, applications frameworks, and business solutions into virtualized, dynamic, pay-as-you-go services. Now Huawei Technologies, a leading provider of wireless and fiber-optic telephony and networking systems, is poised to apply these important ideas to the area of telecommunications. We’re building a distributed team in Santa Clara, California, and Shenzhen, China, to deliver Virtual Data Center solutions to the world’s carriers. [This announcement is specific to the Santa Clara team; if you're interested in joining the Shenzhen team, please see your local Huawei office.]

The Huawei Virtual Data Center team in Santa Clara is looking for a few senior engineers to provide technical leadership for key elements of this program. Their job titles will probably include terms like “senior staff”, “principal”, “distinguished”, or “fellow”. And while they will have diverse experience and backgrounds, they will have deep knowledge of at least one of the following areas:

  • Scalable storage services, including distributed file systems, distributed object stores, content delivery systems, non-traditional data base designs, data encryption, and physical storage lifecycle management.
  • Security, governance and compliance, including federated identity services with delegation, public key infrastructure, and role-based access control at the API and UI level.
  • Large-scale systems and network management, including policy-based management, virtualization, managing geographically distributed resources for continuous availability and demand-driven consumption, logging and data reduction, and configuration and version management.

We will also hire a number of hands-on technical staff to support each of these domain experts. Each specialist group will work with their counterparts in Shenzhen, as well as with technology partners and Huawei customers worldwide. They will collaborate with product marketing and business teams on product definition and evolution, and will represent Huawei in selected standards activities. But we’re not looking for people who can only produce specifications and slideware. The Santa Clara groups will undertake advanced development and research into critical technologies, and are expected to generate patentable and publication-worthy innovations.

This is a great opportunity to join one of the fastest growing technology companies in the world. The team will be based in the Huawei offices in Santa Clara; we are not planning to include remote or work-from-home members. Some team members will be expected to spend at least 8 weeks each year on business travel to China and elsewhere. Knowledge of Chinese, while desirable, is not required, but excellent communications skills are essential.

And that, in a nutshell, is what I’m up to.

Must-read book from the Google infrastructure team

Luiz André Barroso and Urs Hölzle from Google’s infrastructure team have just published a fascinating book, “The Datacenter as a Computer: An Introduction to the Design of Warehouse-Scale Machines”. It’s brief – a 120-page PDF download – but comprehensive:

As computation continues to move into the cloud, the computing platform of interest no longer resembles a pizza box or a refrigerator, but a warehouse full of computers. These new large datacenters are quite different from traditional hosting facilities of earlier times and cannot be viewed simply as a collection of co-located servers. Large portions of the hardware and software resources in these facilities must work in concert to efficiently deliver good levels of Internet service performance, something that can only be achieved by a holistic approach to their design and deployment. In other words, we must treat the datacenter itself as one massive warehouse-scale computer (WSC).

So instead of thinking about the data center as a service, which everybody has been doing under the headings of “cloud” and “IaaS”, the authors want to focus on the data center as an integrated system. From “the network is the computer” to “the data center is the computer”. I like it. James Hamilton has more here.

The US government defines “cloud computing”

I’ve always thought that there were one or two areas where the US government ought to use its procurement clout to set basic standards. After fighting with a new web site that has its own ideas of what a legal password should look like, I long for a “password FIPS”. (Actually, there is such a document. It’s a shame so few people follow it.)

Anyway, it seems that the government (in the guise of NIST) has decided to give us a definition of “cloud computing”. Having just sat through a week of conference sessions in which each speaker devoted their first few slides to their own particular definition of “cloud”, I was initially skeptical. Is a single definition plausible at this point? Fortunately, the staff at NIST (led by Peter Mell and Tim Grance) seem to have done an excellent job of it. Here, via enomaly, is their first public draft:

Draft NIST Working Definition of Cloud Computing

4-24-09

Peter Mell and Tim Grance – National Institute of Standards and Technology, Information Technology Laboratory

Note 1: Cloud computing is still an evolving paradigm. Its definitions, use cases, underlying technologies, issues, risks, and benefits will be refined in a spirited debate by the public and private sectors. These definitions, attributes, and characteristics will evolve and change over time.

Note 2: The cloud computing industry represents a large ecosystem of many models, vendors, and market niches. This definition attempts to encompass all of the various cloud approaches.

Definition of Cloud Computing:

Cloud computing is a pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is comprised of five key characteristics, three delivery models, and four deployment models.

Key Characteristics:

On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed without requiring human interaction with each service’s provider.

Ubiquitous network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).

Location independent resource pooling. The provider’s computing resources are pooled to serve all consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. The customer generally has no control or knowledge over the exact location of the provided resources. Examples of resources include storage, processing, memory, network bandwidth, and virtual machines.

Rapid elasticity. Capabilities can be rapidly and elastically provisioned to quickly scale up and rapidly released to quickly scale down. To the consumer, the capabilities available for rent often appear to be infinite and can be purchased in any quantity at any time.

Pay per use. Capabilities are charged using a metered, fee-for-service, or advertising based billing model to promote optimization of resource use. Examples are measuring the storage, bandwidth, and computing resources consumed and charging for the number of active user accounts per month. Clouds within an organization accrue cost between business units and may or may not use actual currency.

Note: Cloud software takes full advantage of the cloud paradigm by being service oriented with a focus on statelessness, low coupling, modularity, and semantic interoperability.

Delivery Models:

Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure and accessible from various client devices through a thin client interface such as a Web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created applications using programming languages and tools supported by the provider (e.g., java, python, .Net). The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, or storage, but the consumer has control over the deployed applications and possibly application hosting environment configurations.

Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to rent processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly select networking components (e.g., firewalls, load balancers).

Deployment Models:

Private cloud. The cloud infrastructure is owned or leased by a single organization and is operated solely for that organization.

Community cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations).

Public cloud. The cloud infrastructure is owned by an organization selling cloud services to the general public or to a large industry group.

Hybrid cloud. The cloud infrastructure is a composition of two or more clouds (internal, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting).

Each deployment model instance has one of two types: internal or external. Internal clouds reside within an organization’s network security perimeter and external clouds reside outside the same perimeter.

Andy B. on the state of SSD

An excellent summary of both Flash technology and the challenges of turning it into an enterprise-class storage system:

(Via Ben Lorica at ORR.)

CloudSlam Day 5

The fifth and final day of Cloud Slam ‘09 has dawned, and it’s time to liveblog.

7:00am First up is Simon Crosby of Citrix, asking the question “IaaS – is it enterprise ready?” From what we’ve heard so far, the answer depends on exactly what the “enterprise” customer wants to do with it, but that’s just my opinion. Actually his title is “Bridging the Enterprise to the Cloud”. He suggests that the big problems are not technological, but organizational: traditional technologies led to fiefdoms. So the cloud is not just about technology, but what I’d call “organizational refactoring”. ‘Twas ever thus… As for virtualization, it’s an enabler of agility: it’s the way an application owner can get out of the business of infrastructure management. It’s not just the hypervisor: it applies to compute, network, storage, desktop…. “Virtualization is nothing more than separation: shed everything that is not strategic. [...] Virtualization is late binding.” However he also said “more layers of virtualization, more benefit” which seems disingenuous: each layer has both benefits and costs. Nice intro to Xen, which Citrix commercializes as XenServer. (But why must these technologies be free? That feels like a gratuitous competitive jab….)

8:00am Jake Sorofman of rPath. rPath’s mission is ambitious: “automating the creation, configuration, deployment and maintenance of complete systems that run in any traditional, virtualized and cloud computing environment.” Jake’s presentation is based on a CMMI-inspired view of how one should adopt cloud-related technology and business patterns, starting with virtualization, experimentation (with EC2, of course) and ending with “cloud actualization” (trumpeted as “hypercloud” or “cloud Nirvana”). At each step he suggests that one should consider readiness criteria, actions/investments, metrics/returns, and risks. This is an eminently sensible methodology.

9:00am Shahzad Pervez of Kaavo. Taking the benefits of cloud (i.e. IaaS) as a given, how do we move our existing applications to the cloud? Kaavo’s product is an application-centric configuration management workflow system that’s intended to handle the life-cycle of complex (composite, n-tier, SOA) applications. While Shahzad explains the product, I find myself wondering about the holistic vs. component approaches. Small companies like Kaavo are building integrated, end-to-end systems in which the various data models, events, domain-specific rules languages, and internal service flows are proprietary. On the other hand, heavyweight players like VMware and Cisco are setting standards for many of the components – VM configuration, virtualized network topologies, etc. How will things sort and settle out?

10:00am Now we have Jayshree Ullal, CEO of Arista Networks. (Interestingly, she still shows up in the exec bios section of the Cisco web site.) Arista Networks is Andy Bechtolsheim’s latest startup, so the session title – A Novel Approach To Cloud Networking – is probably well deserved. [...] And it was. This was another one of those sessions where I couldn’t break away for long enough to type in my thoughts. I’m going to have to follow up offline, and read some of Arista’s materials. The bottom line: these guys are redefining 10Gb Ethernet. Imagine Ethernet with almost all of the benefits of Infiniband, particularly low (and stable) latency. Awesome.

11:00am: There’s a panel on cloud computing and storage. No details in the conference schedule, so we’ll have to see what aspects of storage they’re going to discuss. Services? Protocols? Media? Availability? Security? Inquiring minds, etc…..

OK, this is going to be unwieldy – a 7-person panel with a 55 minute slot. Participants are Jinesh Varia of Amazon.com, Cameron Bahar of Parascale, Stephen Foskett of Nirvanix, Mike Linett of Zerowait, Jeff Whitehead of Zetta, Jim Cuff of Iron Mountain, and Doug KO of Bycast. (The EMC participant was MIA.) The questions are the ones you’d expect, and the responses reflect the usual balancing act of generic opinion and product placement. I’m hoping for some interesting nuggets, but it’s hard to listen to all of the advertising. And the moderator (Jon Toigo) is tossing out various vendor-specific softballs…. OK, now we have a provocative question: what kind of bonding and insurance do storage services offer to their customers? (No, the traditional SLA isn’t an adequate way of thinking about it.) SAS-70. ITAR. Big issues.

[I'm going to take a break now, until the IBM presentation this afternoon.]

12:51pm: I’m back from a lunch break (watching the practice for the F1 GP in Bahrain this weekend) and I’m plugging in for Sri Chari’s session on IBM’s Computing on Demand (CoD) cloud solution. The industry tradition is to couple any IBM technology initiative with an army of Professional Services personnel, so I wonder how much CoD will embrace the “cloud” mantra of self service. We’ll see in a minute. Sri is actually from Cabot Partners, not IBM, so we may get a relatively independent viewpoint.

Dr. Chari started out with an original way of thinking about IT resources. Rather than comparing it with utilities like electricity, he proposes that we think about aviation:

[Slide image: cloud-as-aviation]

IBM’s CoD (IaaS) is a contractually burdensome kind of beast, which includes the establishment of specific VPNs between customers and IBM data centers. They offer both consumption-based and dedicated (N-year lease) models; curiously the pay-as-you-go model isn’t available in the UK. It’s basically an outsourcing deal; it doesn’t have many of the generally-accepted attributes of a cloud. (But after this week I shouldn’t really be expecting any semantic precision.) Not very interesting.

1:49pm In a few minutes, David Bernstein of Cisco will be back. (He did a keynote on day 2.) The topic is “cloud interoperability” – actually “Introduction to the Intercloud”(!). I wonder if I should toss him a question about whether we really need the tag-based VN-Link model that he talked about on Tuesday. This morning I asked Jayshree Ullal about whether Arista Networks was going down that path, and she was pretty vehement that we had enough standards in this area; we don’t need yet another tagging framework.

Anyway, Bernstein’s pitch is motivated by a statement by Chambers that they want to do for the cloud what they did for switching and fabric. One interpretation of this is that they expect to see carriers jumping into the cloud space, and there will be cloud-to-cloud exchange mechanisms – exchange points, protocols, brokers, exchange and peering architecture, and even a root cloud. These will apply to public and private clouds. And at this level, there will be regulation – the equivalent of IANA and ISOC.

See also this blog piece by James Urquhart.

[I'll link to materials later - I need to concentrate on this now.]

3:00pm I’m going to take in one more session today: Neil Cohen of Akamai is talking about “optimizing the cloud for enterprise class computing”. The scheduling is fortuitous: during the Q&A for the last session, I asked David Bernstein if he thought that CDNs were going to be subsumed into the “intercloud”. The idea is that migrating content and processing to “the edge” will simply be a particular case of content and processing migration. Since Akamai specializes in traditional CDN as well as “edge” processing, it will be interesting to see what he has to say.

Well. Neil wants us to set aside our assumptions about CDNs and stuff for which Akamai is known, and focus on the role of overlay networking. OK fine. But all of the introductory slides recite the classic arguments for CDNs: page weight going up, internet unpredictability, distance implies latency. And then we get the questions: how do we make the internet predictable, and how do we get global reach from a single instance? His answer is Akamai’s “edge platform”: 40K servers in 1,500 locations. I guess that this is what I assumed a CDN did; perhaps I’ve spent too much time listening to marketing pitches.

But after talking about edge-hosted content, he switched focus to the overlay network features, demonstrating Akamai-enabled overlay routing that has a dramatic impact on the number (and quality) of hops from server to client. But Akamai doesn’t actually own any bandwidth. So basically Akamai is exploiting the fact that the default BGP-based routing through the Internet sucks. (It’s interesting that almost all of the examples shown feature international traffic to the Far East; I’ve been told that BGP within North America and Western Europe is actually pretty good.) And then we get an advert for Akamai’s “State of the Internet” report.

So all of this is just fine: Akamai has a very successful business model. But it feels rather… orthogonal to any cloud-related ideas.

So that’s the end of Cloud Slam ‘09 – for me, anyway. It’s been a very interesting and useful conference. We need to figure out the best way of capturing the “networking” aspects of traditional conferences, but in general I think this virtual conference worked really well.

The Red Cloud?

Fascinating blog piece by Bob Warfield of SmoothSpan about what an Oracle cloud strategy might look like.

CloudSlam Day 4

It’s the fourth day of Cloud Slam ‘09, and once again I’m going to be liveblogging about the presentations I’m attending. This morning’s first session is starting a little later than yesterday: it’s coming up on 7am Pacific, so I’ve been able to pop across the street to Starbucks to procure caffeine in my preferred package.

7:05am: my old friend Hal Stern of Sun Microsystems is going to tell us “what does cloud computing mean”. (He’s in Mumbai this morning, which is a nice twist on the “virtual conference”.) Per Hal, the essence of cloud computing is that by adding a layer of virtualization, it introduces a new kind of contract between developers and deployers. Five major classes of use case, each with distinct issues: test, processing offload, storage offload, augmentation, web service. Three levels of abstraction – SaaS, PaaS, IaaS. And ownership – public, private, hybrid. (This is all pretty standard, which is not a bad thing: we’ve had far too many idiosyncratic views of “cloud”.) For Hal, this is all leading into a consideration of reliability: his thesis is that classical strategies for reliability and availability break down when we move from classic data center administration to cloud patterns. In particular, responsibility for dealing with failure moves from the deployer to the developer. Hat-tip to Trindade & Tobias on “Applied Reliability”. His summary points: usage models will drive redundancy models, forget 9s, Bathtub curves not MTBF, developers are impacted, and (per Tim Bray) telemetry is the new toolsmithing. (Interestingly, these are all key conclusions that I arrived at from my time at Amazon.)

8:00am Mike Maxey of Parascale, speaking on cloud storage workloads. As I started drafting this, I clicked over to the Parascale website, and the first thing I saw was a bright orange button inviting you to “TRY: Download a 4TB Cloud FREE”. Yet another abuse of the “cloud” word…. Never mind: let’s see what Mike has to say. He’s carving the cloud into three segments: cloud apps (SaaS), cloud compute (mostly IaaS), and cloud storage. In storage, he contrasts HPC storage and clustered NAS with public and private cloud storage. Useful chart… but it’s unclear why he assumes that private and public cloud will use different clients. Doesn’t that break any cloudbusting/hybrid patterns? Or is he defining a private cloud storage system as one that uses non-HTTP client access protocols? Anyway, he’s now running through a useful set of workloads (use cases).

[I'm taking a break now - next session at 10am.]

10:00am: We now have a keynote on “The Open Cloud” by Maximilian Ahrens of Zimory. Zimory’s a spin-off from DT Labs; I remember visiting their Berlin labs in about 1999. Max’s core thesis is that we’ve had an inversion in timescales: business strategies are now changing far more rapidly than technology infrastructure. [...] Hmm. The main message that I’ve taken from the first 30 minutes is that open clouds depend on a single shared open-source code-base, because standards don’t work. So Eucalyptus is a waste of time, I guess, and VMware has no role to play. And internal clouds are not of interest to enterprises? Unconvincing.

11:00am: John Janakiraman and Ian Knox of Skytap on “Deploying Your Existing Applications to the Cloud”. Skytap supports cloud-based application testing, and (not surprisingly) they find that for existing apps, the most common use of the cloud is for test. For other use cases, people are adapting or writing cloud-specific applications. Given the uncertainty around compliance and governance in the cloud, as well as the functional characteristics of systems like EC2 and S3, this shouldn’t be surprising. Presumably the test data is “clean”, and doesn’t lead to privacy concerns. The bulk of the presentation is a case study of a Skytap customer, WildBlue, followed by a live demo of the Skytap product. (I think this is the first time I’ve heard a presenter discussing the pricing for their product in this kind of conference.)

12 noon: Margaret Lewis of AMD. She said that the question she’s always asked is why a processor vendor is interested in cloud computing. Seems pretty obvious to me. And in fact the whole presentation is pretty elementary. Good for folks that have been living under a rock, but ho-hum for those of us who have been living this stuff for a while. And she’s using “cloud” in a thoroughly unconstrained way: one moment contrasting personal and professional clouds, the next bringing in something called a performance “cloud”, including gaming, rendering and visualization “clouds”. Aargh!

1:00pm: Now we have Surgient CTO Dave Malcolm, talking about considerations in building private clouds. Hmmm… they claim to have a patent on “virtualization-based cloud computing”. So what do they call a cloud? They use the Forrester consumption-based infrastructure definition from Staten. And we’re given “five pillars of cloud computing”: dynamic virtualized infrastructure, self-service, automated self-management, service-centricity, and consumption-based charging. For the rest of the talk, it felt like the kind of “business benefits of cybernetics/IT/computerization” exposition that I’ve seen for ~30 years, with “cloud” plugged in as appropriate.

2:00pm I’m going to listen to one more talk today: “Securing your data in the cloud”. (There are two more sessions, but neither really grabs me.) The speaker is Omer Trajman of Vertica. I love his definitional slide:

  • What are Cloud Services? Other people’s software.
  • What are Cloud Platforms? Other people’s frameworks.
  • What is Cloud Infrastructure? Other people’s hardware.

LOL! The rest of the talk was essentially a tutorial: what kind of data should be secured, what “security” means, something of the history of security, and what tools are available to implement security policies. Encryption, VPNs, firewalls, that kind of thing. Extremely clear and comprehensible – nothing I didn’t already know, but valuable if you need it. Compared with some of the other talks, this was delightfully low-key, with no aggressive product placement. One excellent takeaway was a link to “Twenty Rules for Amazon Cloud Security”. Recommended.

And that’s it for Thursday. Tomorrow I’ll be starting at 7am Pacific.

CloudSlam Day 3

Day 3 of Cloud Slam ‘09. As before, I’m going to be liveblogging the events of the day.

5:00am Pacific (yes, it’s still dark outside) The first session of the day is entitled “The Dollars and Sense of Cloud Computing” by Mark De Simone. He’s from a Dutch company, Cordys, which calls its product “The intelligent cloud platform”. Let’s see what that’s all about… The first dozen slides are all about where the money goes in IT, and how the innovation vs. sustaining balance is “unsustainable”. Since people have been moaning about this for 30 years, it’s not clear that this stuff is “unsustainable”: it may just be a natural consequence of the way people cope with change. So now we have the Cordys product, an orchestration platform which claims a 7x reduction in cycle time. When I see a slide with a title like “Improving the Effectiveness of IT by 500%”, I think that it’s time to re-read Sarah Sheard’s “the life cycle of a silver bullet”. [...] OK, this sounds like a classic business process orchestration pitch, recast in terms of clouds. Gross abuse of the word “cloud”, IMHO. As with all orchestration systems, there is a tendency to overstate the ability of the product to manage semantic mappings between the data models of the various systems that are being orchestrated. I’m unimpressed.

6:45am Getting ready for Werner Vogels’ “Ahead in the Cloud” talk. I know these slides well; when I was at Amazon, I mashed them up with material from Jeff Barr to use in some of my own presentations. However I’m still interested in hearing what Werner has to say, and whether he’ll mention such things as private clouds, Eucalyptus, and Sun’s announced plans to offer what amounts to a semi-clone of AWS. (And if he doesn’t, there’s always Q&A…) [...] Well, actually there was no Q&A. Good pitch for AWS, though. Creative….

8:00am I’m trying to join a session with Jon Pyke on cloud service orchestration. No audio. An error message instead of slides. What’s wrong with this picture? I guess that I’ve got an hour of free time on my hands. At a regular conference, this would be an opportunity to cruise the trade show booths, grab a coffee, or network; at a virtual event, it’s a chance to empty the dishwasher and do some laundry. Odd…

9:00am Adam Swidler of Google Enterprise is going to be discussing how “working in the cloud is reshaping enterprise technology”. It would be nice if this was a “war stories from the trenches” tale of experience, but it’s more likely to be a product pitch. We’ll see. [...] Swidler is defining cloud computing as SaaS and hosted apps. He’s citing Nicholas Carr’s “The Big Switch”. [...] Nice statistic: the solar panels on all the Google Mt. View campus generate 30% of the campus energy needs. And there are some nods to the importance of infrastructure scale in reducing costs and increasing availability. But overall this is a web application session. No reference to IaaS or PaaS; nothing about Google App Engine. Oh well. A questioner pointed out the delicious irony that Adam cited “The Big Switch” about how companies shifted from generating their own electricity to using power from the grid; a few slides later he showed proudly how Google is… generating their own electricity! Obviously the context is different, but it’s still a curiosity.

10:00am Now we have a keynote from Stephen Herrod, CTO of VMware, on private clouds. How can we transform internal data centers so that they have the attractive properties of a hosted IaaS service? VMware plans to sell versions of their vSphere 4.0 “Cloud OS” to both enterprises and hosting providers, to encourage a marketplace of cloud providers and support “cloud-bursting” and hybrid configurations. So how many public cloud providers do they expect to emerge after the inevitable shakeout? They’re working with 500(!) providers right now, which seems implausible. A bit of handwaving about the governance/compliance issues… Interesting discussion of virtual machine migration, breaking apart the location and identity which are wrapped up together in IP addressing, with reference to the VMware partnership with Cisco in this area.

[Cool phrase of the day: “Follow the moon computing”, looking for the cheapest power.]

For the 11:00am slot, I’m going to take in one more session on the legal aspects of cloud computing: Robert Friedman on “The Virtual Long Arm of the Law”. The focus is on jurisdiction: where can someone be sued for some action? Setting aside subject matter jurisdiction, for someone to be under the jurisdiction of a particular court, they have to have a connection with the place associated with that court. State courts have adopted “long-arm jurisdiction”. Etcetera. (I’m not going to dive into the details – IANAL – but everyone in business needs to be aware of this stuff.) Now, how do all these existing laws apply to a virtualized world? Lots of arcane case law, which adds up to a really interesting picture.

[I’m now taking a 2 hour break; the next session I’m attending starts at 2pm Pacific.]

Next up: Moshe Kaplan and Ayal Baron of Rocketier, speaking on “The Pareto Illusion – Why we end up paying too much for cloud services and what can we do about it?” Is this going to be a reprise of the McKinsey report? [...] OK, this is looking a step ahead. If cloud computing is seductively easy and feels almost free (using AWS as an example), we run the risk of runaway OpEx on cloud services. Sure, it’s better than CapEx, but the opportunity for wasteful use still exists. So Rocketier would like to sell us a methodology for controlling the burn rate on cloud consumption. Sounds attractive. The actual case studies discussed were fairly mundane, but the point is worth thinking about.

3:00pm Another compliance and security session, this time with Dennis Moreau of Configuresoft. [...] Sorry about the delay… I was so engrossed in the presentation, and the information flow rate was so high, that I didn’t want to stop to record my thoughts. This was an excellent presentation – the best of the conference so far. Let me quote from the abstract:

While cloud computing promises major agility, hosting and implementation advantages for an innovative class of applications and services, it also introduces some new complexities in the areas of validating security posture, assessing regulatory/statutory compliance, establishing coherent trust levels across the service stack and modeling risk across more coupled assets and service composition.

Cloud infrastructures often leverage the asset isolation, resource sharing and provisioning dynamics of virtualization technology. Isolation limits the visibility of security configuration across layers of complex technology, each with emerging vulnerabilities and consequent control and remediation requirements. Intimate resource sharing creates a degree of coupling of both security posture and operational behavior of co-hosted assets. The fluid nature of workload distribution over dynamically provisioned hosting stacks places new demands on both configuration visibility and security configuration policy alignment.

This was not a high level “in principle” kind of talk: it was technically deep, using real examples of vulnerabilities and coupling issues. It was pretty clear that Configuresoft offers tools to gather, analyze, and act upon the kind of complex configuration information needed to address these issues, but Dennis didn’t need to sell them: his presentation focussed on the issues, and spoke for itself.

I enjoyed it immensely. Highly recommended.

That’s it for today: I don’t need to hear about yet another J2EE container. My old friend Hal Stern is speaking tomorrow at 7am Pacific; until then, I’m signing off.