cloud computing in the enterprise: a question of control · cloud computing in the enterprise...

Cloud Computing in the Enterprise: A Question of Control ….. And who has it ….

INF5210

Ben Eaton

12/11/2013

1

The Cloud – We all use it as consumers

But I’m going to talk about cloud computing in an enterprise setting

• Background

• Defining the Cloud

• Cloud Architecture

• Managing the Cloud in organisations

• Adoption & Issues of Cloud in the Enterprise

3

Cloud Computing in the Enterprise

• Background

• Defining the Cloud

• Cloud Architecture

• Cloud Governance

• Adoption & Issues of Cloud in the Enterprise

4

Emerging Phenomenon

In Public Discourse

5

Emerging Phenomenon

• Forecast growth in industry revenues associated with Cloud Computing (Forrester):

– $61Bn for 2012 (Kirsker, 2012)

– Growing to $241Bn by 2020 (Dignan, 2011)

• Cloud represents a $3.3 trillion “transformation that’s going on in the computing world”

• Microsoft are “betting the company” on cloud (Steve Ballmer CEO Microsoft 2011)

6

Gartner’s Hype Cycle for 2012

7

There really is substance to the Cloud

“The public cloud services market is forecast to grow 18.5 percent in 2013 to total $131 billion

worldwide, up from $111 billion in 2012”

Source:

“Gartner Newsroom”

Gartner 28/02/2013 http://www.gartner.com/newsroom/id/2352816

8

Cloud Computing in the Enterprise

• Background

• Defining the Cloud

• Cloud Architecture

• Cloud Governance

• Adoption & Issues of Cloud in the Enterprise

9

Technical Origins of Cloud Computing

• Computing as a service and accessing remote and distributed hardware and software resources over a network is not a new concept.

• 1960's notions of : – "computing utilities" (Cafaro & Aloisio, 2011; Kleinrock, 2005) – Virtualisation (Graziano 2011)

• Gradual development over next forty years, e.g.

– Distributed IT infrastructures in the 80's and 90's – Application Service Provision (ASPs) in the 90's and 00’s

• However they were all constrained by a lack of computing power and

network bandwidth.

(Venters & Whitley 2012)

10

Technical Origins of Cloud Computing

Factors conspired at the turn of the millennium to facilitate Cloud Computing:

• Rise of cheap computing power and network bandwidth

• The rise of large scale computing architectures and enabling technologies around Grid computing enabling affordable high power computing tasks

• Adaptation of these architectures for large data centres of commodity hardware to service the IT business needs of organisations such as Google, Amazon and Microsoft

• Commercialisation of their computing architectures in ways that could be sold as the first Cloud Computing services.

(Venters & Whitley 2012)

11

In its most Basic Form

It is a means of:

• outsourced shared-computing where resources

– are virtualised, distributed and pooled amongst external data centres

– accessed by users through the internet

(Venters & Whitley 2012)

12

Virtualisation & Virtual Machines

Cloud Computing Definition

U.S. National Institute for Standards and Technology (NIST):

“Cloud computing is a model for enabling ubiquitous, convenient, on–demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”

(Mell & Grance, 2011)

14

Key Components of Cloud

15

What it delivers – Service Models

• Customers may purchase:

– Infrastructure as a Service (IaaS)

– Platform as a Service (PaaS)

– Software as a Service (SaaS)

16

Infrastructure as a Service (IaaS)

• Virtualisation of physical Compute Assets – Storage – Processing

• No control over underlying cloud infrastructure

• Control over ability to deploy and run software

– operating systems and applications

• E.g. Amazon Web Services (AWS)

• Used for:

– File Backup – Temporary Processing – Campaigns, Product Design

17

Platform as a Service (PaaS)

• Virtual development environment

• Develop & deploy applications for the Cloud

• No control over underlying Cloud infrastructure

• Control over deployed application – e.g. provisioning and access

• E.g. Google App Engine, Microsoft Azure

• Used for:

– Startups – quick way of deploying Cloud apps – Enterprise productivity - apps for internal to the org – Enterprise storefronts – means of developing interface between business and public

18

Software as a Service (SaaS)

• Access to Service Providers Applications that execute on the Cloud

• Accessed via thin client interface such as a web browser (or smartphone app)

• No control over underlying Cloud infrastructure

• Minimal control over application settings

• E.g. Gmail, Google Docs, DropBox, Facebook, Evernote etc

• Uses: You name it …

19

Scope of Control

Source: Liu et al (2011) – NIST Cloud Computing Reference Architecture

20

Essential Characteristics

• On Demand Self Service – Commoditised

• Measured Service

– Variable Cost Model, pay for capacity you use

• Resource Pooling

– High Utilisation & Economies of scale

• Rapid Elasticity

– Commission / Decommission Capacity

• Broad Network Access

– Accessibility over internet

21

Which meets Organisations’ desires to

• Simplify the management of their IT resources (hardware, middleware and software) resources

• Scale up (or down) available resource capacity dynamically on demand

• Reduce and simplify their costs

• Whilst ensuring levels of data security, service latency and service availability are at least maintained and preferably improved.

22

Deployment Models

• So far so good … but … Cloud can be deployed in different ways

– Public

– Private

– Hybrid

– Community

• Which have implications on the organisation ……. ……control!

23

Public Cloud

Source: Liu et al (2011) – NIST Cloud Computing Reference Architecture

24

Public Cloud

• Multi-tenancy architecture open to all

• E.g: Amazon AWS, Google App Engine, Microsoft 365 etc

• Benefits of computing with: – Significant Cost Savings (Economies of Scale, PAYG, Low Overheads) – Hi Performance (Super computer power,Latency) – Very Flexible (switching on & off Virtualised Hardware and Software)

• Popular with Small Medium Businesses = Access to Power

• Comes at cost of loss of control

– Lack of transparency – Sharing of computing assets – Your competitor could be using the neighbouring VM – how secure?

25

Private Cloud

Source: Liu et al (2011) – NIST Cloud Computing Reference Architecture

26

Private Cloud

• Not shared - operated solely for a single organization.

• Hosted / Non Hosted Solutions

• Benefit: Under enterprise control

• Whilst VM architecture essential, it will lack benefits of sharing:

– Cost; Scalability; Performance

27

Community Cloud

Source: Liu et al (2011) – NIST Cloud Computing Reference Architecture

28

Hybrid Cloud

Source: Liu et al (2011) – NIST Cloud Computing Reference Architecture

29

Cloud Computing in the Enterprise

• Background

• Defining the Cloud

• Cloud Architecture

• Cloud Governance

• Adoption & Issues of Cloud in the Enterprise

30

(NIST) Cloud Reference Architecture

Resource Abstraction

Resource Control

Hardware

Facility

Service Orchestration

Clo

ud

Ser

vice

M

anag

emen

t

Secu

rity

Pri

vacy

Cloud Provider Cloud

Consumer

Cloud Auditor

Cloud Broker

Cloud Carrier

Ph

ysic

al

Laye

r Se

rvic

e

Laye

r R

eso

urc

e

Laye

r

Source: Liu et al (2011) – NIST Cloud Computing Reference Architecture 31

Cloud Service Orchestration Architecture

Service Layer (s/w)

Resource Abstraction & Control Layer (m/w)

Physical Resource Layer (h/w)

Resource Abstraction

Resource Control

Hardware

Facility

Web, HTTP (REST / SOAP)

32

Service Layer

Service Layer (s/w)

Resource Abstraction & Control Layer (m/w)

Physical Resource Layer (h/w)

Resource Abstraction

Resource Control

Hardware

Facility

Web, HTTP (REST / SOAP)

33

Physical Resource Layer

Service Layer (s/w)

Resource Abstraction & Control Layer (m/w)

Physical Resource Layer (h/w)

Resource Abstraction

Resource Control

Hardware

Facility

Web, HTTP (REST / SOAP)

34

Virtualisation & Virtual Machines

Resource Abstraction & Control Layer

Service Layer (s/w)

Resource Abstraction & Control Layer (m/w)

Physical Resource Layer (h/w)

Resource Abstraction

Resource Control

Hardware

Facility

Virtual Machines & Virtual Storage

Resource Allocation

Access Control

Usage Monitoring

APIs Web

Hypervisors

36

Single Tenancy vs Multi Tenancy

Single Tenancy

Multi Tenancy

User A @ Company 1

User B @ Company 1

User C @ Company 1

User A @ Company 1

User B @ Company 2

User C @ Company 3

Multi – Tenancy & Risk

On-Premises Data Centre (e.g. Private Cloud)

Off-Premises Data Centre (e.g. Public Cloud)

From: Cloud Security Alliance - https://wiki.cloudsecurityalliance.org/guidance/index.php/Cloud_Computing_Architectural_Framework

Security Concern? Independent organisations sharing the same hypervisor ……… 38

Public Cloud Service Orchestration: e.g. Amazon

Service Layer (s/w)

Resource Abstraction & Control Layer (m/w)

Physical Resource Layer (h/w)

Xen Hypervisor

Proprietary

Proprietary

Proprietary

= Closed Standards

= Open Standards

39

Private Cloud Service Orchestration: e.g. Cloudstack

Service Layer (s/w)

Resource Abstraction & Control Layer (m/w)

Physical Resource Layer (h/w)

Xen

CloudStack Management Server

Open

Open

KVM vSphere

= Closed Standards

= Open Standards

40

Comparison of Service Orchestration Stacks

Amazon

Amazon

Amazon

Amazon

Amazon AWS

Ph

ysic

al

Laye

r Se

rvic

e

Laye

r R

eso

urc

e

Laye

r Open

Cloudstack

Open

Open

Cloudstack

HTTP (REST/SOAP)

Resource Abstraction Resource Control

Hardware

Facility

Amazon Open

HTTP (REST/SOAP)

• Monolithic • Black Boxed • Closed • Cloud Service Provider

Has Control

• Open • Layered Modular • Enterprise/Outsourcer

Has Control

“Public” “Private”

41

Wider Cloud Ecosystem

Resource Abstraction

Resource Control

Hardware

Facility

Service Orchestration

Clo

ud

Ser

vice

M

anag

emen

t

Secu

rity

Pri

vacy

Cloud Provider Cloud

Consumer

Cloud Auditor

Cloud Broker

Cloud Carrier

Ph

ysic

al

Laye

r Se

rvic

e

Laye

r R

eso

urc

e

Laye

r

42

Wider Cloud Ecosystem NIST Reference Architecture

SaaS CSP e.g. Microsoft

PaaS CSP e.g. Google

IaaS CSP e.g. Amazon

Hardware Vendor e.g. HP

Facility Provider e.g. Rackspace Cloud Carrier

e.g. Akamai

Cloud Service Management e.g. Vordel

Cloud Security & Privacy e.g. Level 7

Cloud Broker e.g. Jamcracker, Liaison

43

Cloud Computing in the Enterprise

• Background

• Defining the Cloud

• Cloud Architecture

• Cloud Governance

• Adoption & Issues of Cloud in the Enterprise

44

Governance of Enterprise Cloud

• Concerns how enterprise IT department manages cloud services with different stakeholders such as:-

• With rest of the enterprise organisation

• With the State

• With Suppliers (Cloud Service Providers & Vendors)

45

Managing the Cloud : vis-à-vis the rest of the organisation

• Management of cloud = – sourcing – purchasing – integration with portfolio – usage – When to get rid of

• Who manages Cloud services? • The IT Department …. Or • Departments themselves (e.g. marketing, sales, finance etc)

– LOBS provisioning their own services ….. DropBox … security • Enterprise Cloud Service Broker

– Bring Your Own Device (BYOD)

• The changing role and skill sets of the IT department in a Cloud based

enterprise – This will effect you!

46

Governance of Enterprise Cloud: vis-à-vis the state (national & EU law)

• Compliance with local laws & regulation – Act No. 31 relating to the processing of personal data (Personal Data Act) (14 April 2000)

– Data laws and regulations increasingly by industry vertical • E.g. retail banking - Bankenes Standardiseringskontor (BSK)

• Compliance with international laws – EU Directive 95/46/EC – “Data Protection Directive”

• processing of personal data

• free movement of personal data

– Section 404 of the Sarbanes-Oxley Act of 2002

– Complexity of competing jurisditions (customer, CSP, host)

• Audits – E.g. SAS 70

47

Governance of Enterprise Cloud: vis-à-vis suppliers (& contracts)

• Contractual relationship – Can have similarities to outsourcing contract

– Tensions between the different parties

• Enterprises desire “tight” & “tailored” contracts offering – Equivalence to In house systems

– Measures to minimise perceived risk (see next page)

– Commitment to detailed levels of service – allowing enterprises to retain control

– Outsourcing style contracts

• Public CSPs desire “loose” & “general” contracts reflecting – Commoditised XaaS style services

– Risk Avoidance

– Minimum SLAs (a la Amazon)

48

Example Risks • Geographic Risk

• e.g. Whose Jurisdiction? • Data Security Risks

• e.g. What happens when you move Cloud Service Provider?

• Contractual Risks • e.g. Can supplier change terms without me knowing?

• Architectural Risk

• e.g "Lock in" to vendors integrated cloud stack

• Ecosystem Risk • e.g. Long supply chain in Cloud – your service is as strong as the

weakest link

49

Cloud Computing in the Enterprise

• Background

• Defining the Cloud

• Cloud Architecture

• Cloud Governance

• Adoption & Issues of Cloud in the Enterprise

50

Architectural Integration in the Cloud

• Integration at the level of: – Infrastructure; Data; Applications; Service Management

• Integration with:

– Existing legacy systems – Between public & private

• Cloud Bursting

– Between different public cloud services • Advanced Cloud Service Brokerage

• An issue of Cloud architecture:

– At the level of design rules and interfaces such as APIs – A debate concerns whether interfaces need to be standardised or not

• An emerging issue

– Not yet experienced Globally / Norway – But it is bound to become an issue

51

Standardisation in the Cloud

• Standardisation of What? – Interoperability, Security & Privacy, Data Portability

• Formal Standardisation

– Efforts slow to take off – Cultural difference in Europe vs US – A break on innovation & fast tracking commoditisation? – Dominant (US) platform owners see it as a threat/opportunity?

• Informal de Facto standards

– Based on emerging dominant platforms – Closed Standards …. e.g. Amazon – Open Standards ….e.g. Cloudstack – Increasing adoption of Amazon standards in other platforms (e.g. Cloudstack)

as an attractor to build installed base

52

CSPs evolving portfolios

• Public CSPs adding private cloud capabilities to their portfolios – Amazon Virtual Private Cloud – Still not adopting outsourcing contract model – Attracting large customers ….. e.g. the CIA!

• Private->Public

– VMware vCloud Hybrid Service – Launched in early 2013 – Oriented towards Cloud Bursting

53

Global adoption of cloud in the enterprise

• Enterprise adoption of cloud is still immature – In Norway adoption is more cautious still … less economic incentives

• Enterprises Still Sceptical of Public cloud

– Perceived loss of control & increased levels of risk – Outweigh the benefits of public cloud – Prefer to deploy on private clouds with increasing interest in "hybrid models"

• Much greater Public Cloud adoption within SMEs

• Decision to go Public or Private

– How much control do you want to risk giving up? – How much do you wish to spend / save? – How much performance do you want?

54

Global adoption of cloud in the enterprise

• Private Cloud used for core data & services – Core Data

• Customer / HR / Finance & Accounting

– Core Services • Essential Business Processes core to the enterprise

• Public Cloud possibly used for non core data & services – CRM - Salesforce.com

– Productivity - Microsoft Office 365

55

Adoption amongst some Norwegian cloud “champions”

Company Deployment Use Bank Private cloud Core and non core activities

Clothing Manufacturer Public Cloud Non core activities - MS Office 365 deployed

Private Cloud Core business processes - Cytrix

Food Manufacturer Public Cloud Non core activities - MS Office 365 experimented with, not yet adopted

Private Cloud Core business processes - VMWare

Financial Services Public Cloud Non core - Office 365 experimented with rejected

Private Cloud Core business processes - highly innovative

Broadcaster Public Cloud Core business processes - Microsoft Azure PAAS

Logistics Public Cloud Non core activities - Salesforce.com deployed

Private Cloud Core business processes

Fuel & Oil Distributer Private Cloud Virtualised Desktop (Hosted) 56

Predictions of Commentators

• Enterprises will continue to struggle to come to terms with public cloud

– But eventually perceived risks will be overcome

– Its benefits will outweigh its disadvantages

• Changing balance between SaaS / PaaS / IaaS

– SaaS will eclipse IaaS by value

– SaaS solutions will increasingly segment on verticals

– PaaS will grow and substitute sales of SaaS & IaaS

57