cloud computing 101 issue 1 (sample)
Sample of Cloud Computing 101 course given at Cloud Asia 2011
Cloud Computing 101 (Sample)
Issue 1
May 28th 2011
www.alanquayle.com/blog
© 2011 Alan Quayle Business and Service Development
Objectives
• Comparing and contrasting the available delivery models of cloud computing
• Evaluating the benefits of cloud products, including global and regional service
providers, Salesforce.com, Microsoft Azure, Google, and Amazon
• Understanding the underlying technologies of Data Centers and Virtualization
• Understanding the role of operators and web service providers
• Deploying Software as a Service (SaaS) to optimize productivity and
collaboration
• Deploying Platform as a Service (PaaS) to streamline application deployment
• Examining the cost benefits of deploying Infrastructure as a Service (IaaS)
• Understanding implementation issues across security, compliance and business
continuity
• Integrating multivendor cloud products and services
• Focusing on the first two steps, initial business case and pilot project
Outline
• Cloud Computing Introduction
o Defining cloud computing
o Definitions: IaaS (Infrastructure as a Service), PaaS (Platform as a Service), SaaS
(Software as a Service), BPaaS (Business Process as a Service)
o The benefits of cloud computing
o Cloud computing components
o Suppliers and market size
o Types of clouds: public, private, hybrid, community
o Cloud trends and vendor solutions
o Emerging standards and regulations
• Understanding the Components: Data Center History and Economics
o History and the drive for efficiency and availability
o Changes and pressures on DC – drive for DC management
o Capex and opex DC costs
o DC economics drives cloud computing
• Understanding the Components: Data Center Types and Comparison to Google’s Data Center
o Reviewing the 3 types of DC (Data Center)
o DC Environment
o Internet DC Architecture
o Enterprise DC Legacy / Current
o Google perimeter and DC Overview
o Comparison
• Understanding the Components: Virtualization Technology
o Understanding the role of Virtualization in commercial and technology terms
o The life cycle of Virtualization’s components and key technology
o Technology Hotspot analysis of Virtualization
• Understanding the Components: Customer needs and Virtualization
o Analyzing the pain points and key requirements in Virtualization (reducing cost through server consolidation; dynamic scheduling to save energy; increasing the efficiency of management, etc.)
o Analyzing the opinion of customers on Virtualization, such as usage and maturity
o The technology trend in customers’ choice of Virtualization, such as VMware, Hyper-V, Xen, KVM
• Understanding the Components: Virtualization Competitive Analysis
o How many main competitors (VMware, Citrix, Microsoft, Oracle, Red Hat) are there?
o What are their business models?
o How to make a profit from Virtualization?
o What are each competitor’s plans for constructing their Virtualization platform?
o SWOT analysis
• Understand the Internet Companies Drivers in Cloud Computing
o Mapping Force, Google and Amazon’s offers
o Cloud Economics, definitions, taxonomy and market size
o Comparison to total IT market
o Cloud Business Case
• Understanding Web Service Providers Focus on Cloud / DCs
o Cloud Hype
o Industry requirements
o Industry Transition
o Data Center Operating System
o DC programming models (PaaS)
o Example providers, PaaS services and pricing
o Deep dive on Force.com, Google App Engine and Microsoft Azure
o What it all means
• Implementing SaaS
o Minimizing administration costs
o Improving productivity and collaboration
o Replacing capital investments with pay-per-use
• Implementing IaaS
o Leveraging on-demand servers
o Eliminating software license costs with preconfigured servers
o Migrating existing machine images to the cloud
o Cost-effective, scalable and reliable data storage with Amazon Simple Storage Solution (S3)
• Implementing to minimize risk
o Immediate response to market demands
o Elastically scaling infrastructure capacity to meet organizational demands
o Evaluating operating systems and software with pay-per-use
• Implementing Security in the cloud
o Analyzing security concerns
o Maintaining privacy of proprietary data
o Achieving acceptable reliability and service-level agreements
o Overcoming the risks of public clouds
o Scoping the role: SaaS, PaaS, IaaS
• Implementing Virtual Private Cloud (VPC)
o Simulating a private cloud in a public environment
o Google secure data connector
o Amazon VPC
o Industry-standard, VPN-encrypted connections
• Implementing cloud governance
o Retaining responsibility for the accuracy of the data
o Verifying integrity in stored and transmitted data
o Demonstrating due care and due diligence
o Supporting electronic discovery
o Preserving a chain of evidence
• Implementing compliance with government certification and accreditation regulations
o HIPAA, Sarbanes-Oxley and the Data Protection Act
o Following standards for auditing information systems
o Negotiating third-party provider audits
• Implementing business continuity
o Avoiding vendor lock-in
o Exploiting multiple cloud providers for cross-platform interoperability
o Evaluating the impact on employee skill requirements
• Implementing cloud computing in your organization
o Building a business case
o Selecting a pilot project
Cloud Computing Introduction
What is cloud computing?
We Live in Hyped Times!
• “Amazon and PSN outages won't halt cloud revolution.” source The Register
• “SURVEY: Future-proofing the cloud.” source Network World
• “Virtualization, cloud computing to dominate Interop.” source Network World
• “Is Your Data Center Ready for Cloud Computing?” source Web Buyers Guide
• “Demystifying the Cloud – A Conversation with Dell’s CIO and CTO!” source Baseline Briefing
• “Cloud-enabled Wi-Fi: Less Dollars, More Sense” source Network World
• “Apple’s new services are expected to include a "digital locker" solution enabling consumers to
store their iTunes music, movie and television libraries on Apple servers for access on multiple
iOS-based devices.” source Fierce Mobile Content.
• “Brocade Unveils CloudPlex cloud architecture, an open framework for building virtualized data
centers, and offered a look at new technologies coming up in the near future to help make such
data centers possible.” source CRN
• “CenturyLink goes from local to global player with Savvis acquisition.” source Fierce
Free Software Foundation founder Richard Stallman called cloud computing,
“worse than stupidity.”
Bottom-line: If your systems are down or you lose customer data, it’s not the Cloud
Provider that suffers / goes out of business – they just issue a credit for the disruption.
First Phase of Cloud Consolidation
• Verizon acquired Terremark, an Infrastructure / Platform as a Service (I/PaaS)
provider, for $1.4 billion, to provide IT infrastructure services targeting the
enterprise market.
• Dell spent more than $2 billion in six months acquiring cloud technologies,
including PaaS provider Boomi, and is investing another $1 billion in a group of
global data centers.
• IBM acquired Cast Iron, Boomi’s competitor.
• Time Warner Cable acquired NaviSite.
• CenturyLink acquired Savvis
• Microsoft and Toyota forged a strategic partnership to build a global platform
for Toyota Telematics Services using Windows Azure.
• CA Technologies and Unisys entered into a joint venture that combines CA’s
virtualization and service management products with Unisys’ virtualization and
cloud advisory, planning, design and implementation services.
Likely to see further consolidation as Telcos realize their weaknesses in selling Cloud into enterprise – particularly small and medium enterprise
Telstra spending $600M on cloud-based UC for businesses
• Telstra said it plans to invest $600 million to upgrade communications options
for 90 percent of the country's businesses and, in partnership with Microsoft and
Cisco, provide them with cloud-based unified communications.
• The QoS upgrades will encompass 1,6000 exchanges and take the telco until
September to complete.
• The Digital Business package will cost businesses $120 a month and include a
basic ADSL2+ connection to businesses, a Cisco Router and a Cisco digital
phone. Customers can pay an additional $15 a month to have their Internet and
voice connection switch over to the Telstra NextG network automatically if the
ADSL connection fails.
• Telstra said VoIP service would likely follow the QoS upgrade, once it "can give
all the reliability and also the technical backup we think the product needs, then
we will bring it to market."
Everything becomes labelled as Cloud. Really the $600M is on a network upgrade…
Evolution
• Cloud computing has evolved through a number of
phases which include grid and utility computing,
application service provision (ASP), and Software as a
Service (SaaS).
• But the overarching concept of delivering computing
resources through a global network is rooted in the
sixties.
Those Sixties!!!
John McCarthy, 1961
“computation may someday be organized as a public utility.”
The Dream of Cloud Computing
Integrated Circuit Foundries
• Semiconductor Fabs Expensive
o Typically > $1 Billion
o Too Much for Most Designers
• Fabs Take Outside Work
o Fabs Amortize Cost
o Other Designers Make Chips
• Allowed Explosion of Designs
o More Players Afford Rented Fab
Utility Computing
• New Datacenters Very Expensive
o Only a Few Companies Can Afford Huge Datacenters
• Utility Computing
o Datacenter Owners Amortize Costs
o Utility Computing Users Get Advantages of Elasticity
o Datacenter Resources Shared Across Many Users
But a private cloud doesn’t deliver scale?
What is Cloud Computing?
• Wikipedia - Cloud computing is Internet ('Cloud') based development and use of computer technology ('Computing'). The
cloud is a metaphor for the Internet (based on how it is depicted in computer network diagrams) and is an abstraction for
the complex infrastructure it conceals[1]. It is a style of computing where IT-related capabilities are provided “as a
service”[2], allowing users to access technology-enabled services from the Internet ("in the cloud")[3] without knowledge
of, expertise with, or control over the technology infrastructure that supports them[4]. According to the IEEE Computer
Society "It is a paradigm in which information is permanently stored in servers on the Internet and cached temporarily on
clients that include desktops, entertainment centers, table computers, notebooks, wall computers, handhelds, etc."[5]. “
• No Consensus in the industry for a good definition of “Cloud computing” . Today anything and everything internet will
come with a cloud computing logo
• Simple Definition: If the time between your application needing more capacity and getting more capacity is
anything longer than instant, it is not cloud computing, i.e. if there is no programmatic way to provision hardware, no pooled capacity and,
even worse, a purchase order is needed to get new hardware/software.
• The Bottom-line
o Changes the economics of computing from being a capital investment to a utility (you buy electricity, you don’t buy generators)
o Changes the way software is developed – hardware provisioning, deployment and scaling are now part of the developer lifecycle as a
program / script rather than a purchase order
o Automates a whole bunch of infrastructure related tasks and activities, leading to efficiencies and cost savings
What is Cloud Computing?
• A user experience and a business model
o Standardized offerings
o Rapidly provisioned
o Flexibly priced
• An infrastructure management and
services delivery method
o Virtualized resources
o Managed as a single large resource
o Delivering services with elastic scaling
• Similar to Banking ATMs and Retail Point of
Sale, Cloud is Driven by:
o Self-Service
o Economies of Scale
o Technology Advancement
The NIST Definition of Cloud Computing
o Cloud computing is a model for enabling convenient, on-demand network access to a
shared pool of configurable computing resources (e.g., networks, servers, storage,
applications, and services) that can be rapidly provisioned and released with minimal
management effort or service provider interaction. This cloud model promotes availability
and is composed of five essential characteristics, three service models, and four deployment
models.
Characteristics
1. On-demand self-service
2. Broad network access
3. Resource pooling
4. Rapid elasticity
5. Measured service
Service models
1. Cloud Software as a Service (SaaS)
2. Cloud Platform as a Service (PaaS)
3. Cloud Infrastructure as a Service (IaaS)
Deployment models
1. Private cloud
2. Community cloud
3. Public cloud
4. Hybrid cloud
Why Now?
From T-Systems, who has delivered SAP dynamic services since 2004
NIST 3 Cloud Service Models
• Cloud Software as a Service (SaaS)
o Use provider’s applications over a network
• Cloud Platform as a Service (PaaS)
o Deploy customer-created applications to a cloud
• Cloud Infrastructure as a Service (IaaS)
o Rent processing, storage, network capacity, and other fundamental computing
resources
• To be considered “cloud” they must be deployed on top of cloud
infrastructure that has the key characteristics
Service Model Architectures
[Figure: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) architectures, each shown as combinations of IaaS, PaaS and SaaS layers stacked on Cloud Infrastructure]
Mapping the Cloud Types
I use this to simply show the lock-in nature of the PaaS / SaaS providers’ model – Amazon is more focused on a business model based on scale.
IT Cloud Services Taxonomy
[Figure: IT Cloud Services, with the labels App Dev/Test and App Deploy]
• Cloud Applications (Apps-as-a-Service)
• Cloud (Application) Platforms (Platform-as-a-Service)
• Cloud Infrastructure (Infrastructure-as-a-Service)
Cloud Computing Technologies
Technologies
• Applications
• Dev Platforms
• Multi-Tenant, Deployment & Cluster Management
• Virtualization, Infrastructure Management and Grid Engines
• Processing Hardware
Cloud Services
• SaaS
• PaaS + Support services (Storage, DB, Security, Aggregation)
• IaaS
I use this to simply show technologies associated with each layer – when we discuss data center design and architecture we’ll come back to these components.
The NIST Cloud Definition Framework
• Deployment Models: Private Cloud, Community Cloud, Public Cloud, Hybrid Clouds
• Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
• Essential Characteristics: On Demand Self-Service, Broad Network Access, Rapid Elasticity, Resource Pooling, Measured Service
• Common Characteristics: Massive Scale, Resilient Computing, Homogeneity, Geographic Distribution, Virtualization, Service Orientation, Low Cost Software, Advanced Security
Benefit 1) Elastic Capacity
Predicting Infrastructure Needs
[Figure: Compute Power against Time, comparing Predicted Usage with Actual Usage; the gaps between the two are labelled Waste and Customer Dissatisfaction]
Elasticity, Risk, and User Incentives
Services Will Prefer Utility Computing to a Private Cloud When:
• Demand Varies over Time
o Provisioning for Peak Leads to Underutilization at Other Times
o Pay by the Hour (Even if the Hourly Rate is Higher)
• Demand Unknown in Advance
o Web Startup May Experience a Huge Spike If It Becomes Popular
o Pay as You Go Does Not Require Commitment in Advance
The Value of Cost Associativity
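$$\text{UserHours}_{\text{cloud}} \times (\text{revenue} - \text{Cost}_{\text{cloud}}) \ge \text{UserHours}_{\text{datacenter}} \times \left(\text{revenue} - \frac{\text{Cost}_{\text{datacenter}}}{\text{Utilization}}\right)$$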
Cloud Is Mostly Driven by Money
Economics of Cloud Computing Are Very Attractive to Some Users
Cloud Computing Will Track Cost Changes
Better than In-House
Investment Risks May Be Reduced
Predicting Application Growth Hard
In-House, You Must Provision for Peak
Benefit 2) Faster time to market
Benefit 3) No initial investment (No CapEx)
Benefit 4) Pay as you go, pay for what you use
Benefit 5) Focus on your business
The 70/30 switch
• On-Premise Infrastructure
o 30%: Your Business
o 70%: Managing All of the “Undifferentiated Heavy Lifting”
• Cloud-Based Infrastructure
o 70%: Your Business (More Time to Focus on Your Business)
o 30%: Configuring Your Cloud Assets
Cloud’s goal: flip this equation
Companies have different motivations for leveraging cloud
• Risk & Compliance: 34,000-employee bank deploying a private cloud from IBM to centralize management of desktops via an enterprise class data center rather than at the user stations. Gets greater remote flexibility without sacrificing control to improve efficiency.
• Employee Productivity: Enable collaboration across 300K global employees as well as its network of customers, partners and suppliers. Saving 30 minutes per day or 120hr per year per person. IBM LotusLive has 18 million users in 99 countries.
• Analytics & Security: Operations support 9 major commands, nearly 100 bases, & 700,000 active military personnel around the world. Design secure cloud infrastructure for defense & intelligence networks; insights about cyber attacks, network, system or application failures, while automatically preventing disruptions.
• Time to Value: Creates an ecosystem for PayPal 3rd Party developers. Reduces developer effort to deploy a work environment with seamless PayPal Test Sandbox access.
Gartner view: hype cycle
Why Be a Cloud Provider?
Make a Lot of Money
Huge datacenters cost 5-7X less for computation, storage, and networking. Fixed software & deployment amortized over many users. Large company can leverage economies of scale and make money.
Defend a Franchise
What happens as conventional server and enterprise apps embrace cloud computing? Application vendors will want a cloud offering. For example, MSFT Azure should make cloud migration easy.
Attack an Incumbent
A large company (with software & datacenter) will want a beachhead before someone else dominates in the cloud provider space.
Leverage Customer Relationships
For example, IBM Global Services may offer a branded Cloud Computing offering. IBM and their Global Services customers would preserve their existing relationship and trust.
Become a Platform
Facebook offers plug-in apps. Google App-Engine…
Leverage Existing Investments
Web companies had to build software and datacenters anyway. Adding a new revenue stream at (hopefully) incremental cost.
[Figure: Private Cloud @ In-house Data Center, Virtual Private Cloud @ Dedicated Provider and Public Cloud @ Global Provider, positioned by Business Value and Level Of Sharing across Infrastructure, Middleware and Applications]
Full Cloud Taxonomy
[Figure: the PURE CLOUD MARKET and the EXTENDED CLOUD MARKET across Infrastructure, Middleware, Apps and Business Processes. Labels: IaaS, PaaS, SaaS, BPaaS; Infrastructure Virtualization Tools, Middleware Virtualization Tools, Apps Virtualization Tools, BP Virtualization Tools; Dynamic Infrastructure Services, Integration-as-a-Service, Dynamic Apps Services, Dynamic BPO Services]
Terminology on XaaS: SaaS, PaaS, IaaS, CaaS and EaaS
• SaaS a.k.a Software As A Service (wikipedia):
o “software that is deployed over the internet and/or is deployed to run behind a
firewall on a local area network or personal computer. With SaaS, a provider
licenses an application to customers as a service on demand, through a
subscription or a "pay-as-you-go" model.”
• SaaS can be seen as the end user consumable service, and
what is usually meant by “cloud computing”.
• Microsoft classifies SaaS into four "maturity levels," whose key
attributes are configurability, multi-tenant efficiency, and
scalability.
• The SaaS model maturity is usually vendor specific.
IaaS: Infrastructure As A Service
• IaaS is scalable IT infrastructure readily attached to
a suitable communication media (Internet in case
of “public cloud” or corporate network in case of
“private cloud”), controlled through appropriate
APIs, and is available to its users in form of an on-
demand service typically with “pay-per-use”
charging model
• IaaS is a provision model in which an organization
outsources the equipment used to support
operations, including storage, hardware, servers
and networking components. The service provider
owns the equipment and is responsible for housing,
running and maintaining it.
• The consuming entity does not manage or control
the underlying cloud infrastructure but has control
over operating systems, storage, deployed
applications, and possibly limited control of select
networking components (e.g., host firewalls).
• IaaS: Amazon EC, IBM computing on demand,
Rackspace
IaaS is based on scale
• IaaS customer promise is about CAPEX and OPEX avoidance, streamlined operations, lower TCO
and lower entry barrier:
o Margins as per offered resources are usually pretty thin
o Revenue is generated by scale and volume
o Scale requires capability to economically cater for low-traffic customers and subsequently scale up to
high volumes
o Business processes for infrastructure operations and management need to be streamlined and mature
o Capability to obtain and cater for scale requirements issues a relatively high entry barrier for a new
entrant in IaaS offering business due to needed investments.
• Usually (but not necessarily always), IaaS players do have existing business, of which IaaS is a by-
plot:
o CSPs, ecommerce, SaaS providers, data-center and hosting business.
o The target is to create revenue from existing under-utilized data center resources.
• Additionally, with the ever-tightening legislation, competition, technology requirements,
efficiency requirements etc., operating own data center requires more and more of specific
competences (e.g. design for energy efficiency, design for compliancy, ...)
o Capability development requires investments and takes focus out of the core business of the company.
PaaS: Platform as a Service
• PaaS: a capability provided to the user to
deploy onto the cloud infrastructure user-
created or acquired applications created using
programming languages and tools supported
by the provider.
• All cloud computing characteristics apply.
• Usually PaaS model includes an application
level framework, e.g. plug-ins for IDE
o Easier application development
o Implied lock-in with the provider
• Focus of PaaS is the developer and respective
ecosystem: Successful PaaS offerings have
tendency of attracting loyal,
open communities of developers.
• PaaS implies leverage of domain specific value,
e.g. business applications and force.com.
• Example: Google Apps, force.com, Facebook
PaaS: an outsourced application server platform?
• It appears that the PaaS providers offering holds similarities to what an
application server stands for
o Obviously, an application server platform is part of PaaS, despite the proprietary nature of
implementations.
• PaaS can be seen as a service, whereas an application server (“platform”) is
a technology to implement that service.
• PaaS can be regarded as an application development ecosystem:
o Implementation approach can vary and is not the core consideration: JEE, .NET, LAMP,
Python, Ruby...
o Middleware and connectivity services, elasticity, multi-tenancy
o Collaborative and integrated supporting ecosystem for the applications that are deployed on
PaaS platforms and need to be offered as services to the customers/consumers.
• IaaS scales the infrastructure, whereas PaaS scales the application
development ecosystem.
• For PaaS a key consideration is the risk of lock-in.
CaaS and EaaS
• CaaS a.k.a Communications As A Service (zimbio.com)
o “Delivering telecommunications, instant messaging etc. as a service over
the Internet. Telephony as a service, also known as “Voice as a service”,
employs VOIP (Voice Over Internet Protocol). Software and hardware can
be provided as a service by providers.”
o CaaS is specialized SaaS.
• EaaS a.k.a Everything As A Service
o Another buzz-word, and to some extent even more marketing spin: SaaS,
PaaS and IaaS bundled together as multiple instances.
More Scoping
Framing for cloud computing delivery model
[Figure: layered delivery model, with the side labels IaaS, PaaS and SaaS]
• Computing infrastructure: Connectivity and access; Physical computing and storage environment; Computing and storage virtualization; Operating system
• Middleware platform: Application server containers and database management systems; Content services; Web portal; BPMS; Identity services; Protocol stacks; High availability framework; Dev. tools; UI frame.; Platform abstraction layer; etc.
• Application instances: Application integration layer; User interface layer; Applications (Partners’ standard applications, Customized applications, Third party standard applications, Third party customized applications)
• Management labels: System management tools; Platform O&M tools; Shared application management
The service models are separate: e.g. creating a SaaS offering
by no means requires bundling IaaS or PaaS with it.
Some Myths and Perceptions
• Isn’t it all about hardware provisioning?
o Not Really – It is also about changing of Software Development Lifecycle
with scaling up , hardware provisioning and deployment all under the
control of developer written programs
• What about Security and Enterprise Adoption ?
o Two answers
• Private Clouds – Starting to see the adoption of the cloud computing paradigm come into the corporate data center. Big iron vendors are selling Private Cloud Products and Hybrid Solutions.
• The Question: “Just as Banks became a safe place to keep your money away from your safe-box in your grandfather’s home, The Cloud will become the default place to keep your data in the future.” – an analogy I prefer is home security, you can outsource to ADT, but in the limit you still need to do some of it yourself.
Some Myths and Perceptions
• Isn’t this similar to Time Sharing?
o Yes to some extent.
o But it is not all about sharing of resources. It really boils down to cost savings
as a result of automation and changing the software development lifecycle
• How is it different from ASP?
o The ASP value-add was the typical value you get from an outsourcing
company. Leverage knowledge base, trained manpower and some shared
infrastructure to guarantee reliability of operations and potential cost savings
o Cloud Computing is taking the ASP concept to the next level with zero to little
amount of “People Services” and focus on the computing as a utility.
Public Clouds
• Public Clouds are good when
o Have low bandwidth and latency requirements
o Starting with test or development workloads
o Running collaboration applications
o Don’t have an upfront capital budget
• Not so good when
o You need strict performance SLAs
o Uptime is critical – no control over recovery
o Privacy or security is a concern, i.e.
• 3rd party has your data, auditors complain
• Can you review vendor’s security procedures?
o Costs per CPU hour can be larger than that of in-house server deployments.
Committing tightly to a single provider without a proper plan B is a no-go.
Internal Private Clouds
• Positives of internal private clouds
o Anticipated reduction of TCO
o Better hardware capacity
utilization
o Elasticity
• Easy self service provisioning
• More efficient system management
o IT retains control of SLAs
• Data security and privacy
• High performance
• High availability
o Capability to provide spot-on
chargeback reports as per need
• Negatives vs. public clouds
o Requires up front capital
expenditure due to IT investments
in own CAPEX
o Not as useful for small and
medium businesses and
departmental solutions due to
needed investments
• Negatives vs. dedicated hardware
o Performance tax
o Not capable for massive parallel
processing
Cost elements: SaaS versus traditional on-premises SW
• On-premises / in-house
o License payments at acquisition
phase and recurring fees
o Customization and systems
integration costs
o Implementation and deployment
costs for roll-out
o Local IT and systems support
arrangements, either own head-
count or outsourced
o Training costs for end users
o Computing, storage, backup and
network costs
o Support and maintenance costs
• SaaS
o Configuration and systems
integration costs
o Business process adaptation costs
o Sign-up fees
o Recurring subscription fees
o Care and support fees
o Training costs (of a standard
application)
o Internet connectivity costs
o (undefined price tag for potential
strategic transition costs)
Cloud service provider space remains fragmented
Cloud based services
• Cloud native players: Amazon, Salesforce
• IT Service providers: Accenture, Capgemini, Wipro
• Large tech vendors: Cisco, Dell, HP, IBM
• Telecom providers: AT&T, BT, FT, DT / T-Systems, Verizon
Why CSPs have a strategic fit for cloud computing
• Shared infrastructure
o CSPs have a long history of infrastructure, which is networked and interoperable via well-defined interfaces.
• Managed and hosted IT and communications services
o CSPs have long relied on vendors’ managed-services type of professional services, which means that there is no inherent fear of outsourcing operative responsibilities.
• Data centers
o Data center operations have long been the core of CSP production machines.
• Security, data integrity and trust
o These are the traditional key characteristics of telco business.
• Managed network services and end-to-end SLAs
o CSPs are familiar with end-to-end SLA thinking and KPI based operations.
• Communications as a service
o Communications and connectivity is the bread and butter of CSPs.
• SME customer base
o The customer base of CSPs does cover SME, which means that they are familiar with the problems and issues within the segment.
What is Cloud Computing For Telcos
[Figure: Cloud Computing Engagement for Telcos. Labels: New consumer-centric Cloud Services; Infrastructure; Network-Centric; Mass Adoption; Consumer Reach; Delivery Strength of trusted services, e.g. Billing]
Where Is The Cloud Opportunity For Telcos?
CONSUMER vs ENTERPRISE
Telco’s Enterprise – Consumer Pendulum
• 65’s: Mainframes in Data Centers Enterprise drives Tech Awareness
• 75’s: ISDN Telephony 1st Gen. Remote Home Workers
• 80’s: PC on corporate desktop IT education of working generation
• 90’s: Multimedia PCs, Cell Phones Digital Kids, Consumerization IT
• 2005’s: Cloud Computing/SaaS Tech. Populism, Pay/Use, Web 2.0
• 2010’s: Managed Devices, Media Convergence Managed Desktops, X-Internet
• 2015’s: Enterprise 3.0 Collaborative Business Models Cloud federated master data and distributed business transactions
[Figure labels: Consumer, Enterprise; Innovators, Mass Adoptors; Converged Personas, Consumer Specific Personas]
Implementing Security
Security is the Major Issue
Security Trend – Virtual Firewalls and Additional Procedures Part 1
• Virtualization is essentially adding an operating system.
– So there are now two operating systems to monitor and patch, instead of one. This increases the chances of patches not being up to date, creating security risks.
– Procedures within the data centers running cloud services must be stricter than regular data center procedures.
• Traditional intrusion detection doesn’t work on virtual servers.
– Intrusion detection (and intrusion prevention) monitors network traffic (between physical servers) and raises a red flag if there’s a traffic spike or type of traffic not explained by legitimate operations.
– But there’s no way to monitor traffic between virtual servers on one physical host, hence the emergence of virtual firewalls.
• Malware can spread among virtual servers.
– Because traditional intrusion detection is blind to activity between virtual servers, it’s easy for a virus or other malignant software to spread from one virtual server to another.
– And beyond, because virtualization is often used in conjunction with clustering that moves data and applications among two or more physical servers, to provide load-balancing and “failover” in case one server in the cluster encounters a problem.
– A network monitoring system cannot analyze this threat. Emergence of virtual firewalls that protect virtual servers.
– VMware and Citrix have created hypervisor-based solutions that work with existing security vendor solutions.
• Confidential data can be compromised because there’s no way to monitor traffic flow between virtual servers sharing the same physical server.
– There’s no way to tell whether confidential or legally protected data (such as medical records or credit card numbers) have been compromised.
– Today this is managed by segregating data on a separate physical server, and it is generally not allowed outside of the internal corporate cloud.
Security Trend – Virtual Firewalls and Additional Procedures Part 2
• Malware is now virtual-aware.
– “Virtual-aware” viruses can tell when they’re running in a virtual environment. Though they’ve mostly used this knowledge to hide so far, they could easily be adjusted to attack virtual servers’ vulnerabilities instead.
– According to research by the antivirus company ESET, more than 200,000 pieces of virtual-aware malware were at large in November 2008.
• Other methods of security management include structuring the resource pools to match network segments, and forcing traffic among pools to pass through the existing network security infrastructure.
– Generally virtual LANs are used to achieve this, which results in lower resource utilization and less flexibility in matching workloads to resources.
• VMware publishes security guidelines
– Limiting VM functionality to only those capabilities required by the application
– General access controls to virtual console and management functions
– Quite complex and generally push operators towards partnering with an established IT integrator in the virtualization space, e.g. HP or IBM
• A Cloud Service is only as strong as its weakest link
– Must ensure all VMs implement extra protections – recent Gartner surveys show less than 20% of enterprise implementations include additional protections for security in virtualization implementations
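Added example (not part of the original slides): a Python audit of the two controls described above, flagging VM-to-VM flows that never reach a physical-network IDS and regulated-data VMs that are not segregated on their own physical server. The inventory, VM names and VLAN numbers are constructed, and it assumes inter-VLAN traffic is forced out through the existing physical security infrastructure.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class VM:
    name: str
    host: str        # physical server the VM runs on
    vlan: int        # network segment its resource pool is mapped to
    regulated: bool  # holds confidential or legally protected data


# Constructed sample inventory and observed flows (hypothetical names).
INVENTORY = [
    VM("web-1", "host-a", 10, False),
    VM("app-1", "host-a", 10, False),
    VM("db-cards", "host-a", 20, True),
    VM("web-2", "host-b", 10, False),
    VM("db-medical", "host-c", 30, True),
]
FLOWS = [
    ("web-1", "app-1"),
    ("app-1", "db-cards"),
    ("web-2", "app-1"),
    ("web-2", "db-medical"),
]


def classify_flow(src: VM, dst: VM) -> str:
    """Say where a flow between two VMs can be inspected.

    physical  - crosses physical servers, so a network IDS sees it
    segmented - same server, different VLANs: seen only because traffic
                between pools is forced through the physical security
                infrastructure (assumption of this example)
    blind     - same server and same VLAN: switched inside the hypervisor,
                invisible without a virtual firewall
    """
    if src.host != dst.host:
        return "physical"
    if src.vlan != dst.vlan:
        return "segmented"
    return "blind"


def audit_flows(inventory, flows):
    """Map each (source, destination) flow to its visibility class."""
    by_name = {vm.name: vm for vm in inventory}
    return {(s, d): classify_flow(by_name[s], by_name[d]) for s, d in flows}


def co_residency_violations(inventory):
    """List regulated VMs that share a physical server with any other VM."""
    by_host = defaultdict(list)
    for vm in inventory:
        by_host[vm.host].append(vm)
    findings = []
    for host, vms in sorted(by_host.items()):
        for vm in vms:
            if vm.regulated and len(vms) > 1:
                neighbours = sorted(o.name for o in vms if o.name != vm.name)
                findings.append((host, vm.name, neighbours))
    return findings


if __name__ == "__main__":
    for (src, dst), verdict in audit_flows(INVENTORY, FLOWS).items():
        print(f"{src} -> {dst}: {verdict}")
    for host, vm, neighbours in co_residency_violations(INVENTORY):
        print(f"{host}: regulated VM {vm} shares hardware with {neighbours}")
```

Flows reported as blind are the ones that need a hypervisor-level (virtual) firewall or a placement change before a network IDS can cover them.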
Security Standards: SAS 70
• SAS 70 is the most commonly adopted security standard among
cloud service providers.
• Roughly 67 percent of cloud service providers follow SAS 70
(Statement on Auditing Standards No. 70), which is an
internationally recognized auditing standard developed by the
American Institute of Certified Public Accountants (AICPA) that
defines the standards an auditor must employ in order to assess the
contracted internal controls of a service organization like a hosted
data center, insurance claims processor or credit processing
company, or a company that provides outsourcing services that can
affect the operation of the contracting enterprise.
Security Standards: PCI DSS & SOX
• PCI DSS
o About 42 percent of cloud service providers follow the PCI DSS (Payment Card Industry Data Security
Standard) standard, a global security standard that applies to all organizations that hold, process or
exchange credit card or credit card holder information.
o The standard was created to give the payment card industry increased controls around data and to
ensure it is not exposed. It is also designed to ensure that consumers are not exposed to potential
financial or identity fraud and theft when using a credit card.
• Sarbanes-Oxley
o Sarbanes-Oxley (SOX) is a security standard that defines specific mandates and requirements for
financial reporting. SOX stemmed from legislation in response to major financial scandals and is
designed to protect shareholders and the public from accounting errors and fraudulent practices.
o Administered by the SEC, SOX dictates what records are to be stored and for how long. It affects IT
departments that store electronic records by stating that all business records, which include e-mails
and other electronic records, are to be saved for no less than five years. Failure to comply can result in
fines and/or imprisonment.
o About 33 percent of cloud service providers follow SOX.
Security Standards: ISO 27001 and Safe Harbor
• ISO 27001
o About 33 percent of cloud service providers adhere to ISO 27001, a standard published in 2005 that is
the specification for an Information Security Management System (ISMS).
o The objective of ISO 27001 is to provide a model for establishing, implementing, operating,
monitoring, reviewing, maintaining and improving ISMS, which is a framework of policies and
procedures that includes all legal, physical and technical controls involved in an organization's
information risk management processes.
• Safe Harbor
o About one-fourth of cloud service providers adhere to Safe Harbor principles, a process for
organizations in the U.S. and European Union that store customer data.
o Safe Harbor was designed to prevent accidental information disclosure or loss. Companies are certified
under Safe Harbor by following seven guidelines: notice, through which individuals must be informed
that their data is being collected and how it will be used; choice, that individuals have the ability to opt
out of data collection and of the transfer of data to third parties; onward transfer, meaning that data can
be transferred only to third parties that follow adequate data protection principles; security, or
reasonable efforts to prevent loss of collected data; data integrity, that relevant data is collected and
that the data is reliable for the purpose for which it was collected; access, which gives individuals
access to information about themselves so that they can correct or delete it if it is inaccurate; and
enforcement, which requires that the rules are enforced.
Security Standards: NIST and HIPAA
• NIST
o National Institute of Standards and Technology (NIST) standards, originally designed for
federal agencies, emphasize the importance of security controls and how to implement them.
The NIST standards started out being aimed specifically at the government, but have recently
been adopted by the private sector as well.
o NIST covers what should be included in an IT security policy and what can be done to boost
security, how to manage a secure environment, and applying a risk management framework.
The goal is to make systems more secure. About 25 percent of cloud service providers adhere to
NIST standards.
• HIPAA
o The U.S. Health Insurance Portability and Accountability Act (HIPAA) is followed by roughly
16 percent of cloud service providers.
o The HIPAA standard seeks to standardize the handling, security and confidentiality of
health-care-related data. It mandates standard practices for patient health, administrative and
financial data to ensure security, confidentiality and data integrity for patient information.
Security Standards: FISMA and COBIT
• FISMA
o FISMA, or the Federal Information Security Management Act, was passed in 2002 and created
a process for federal agencies to certify and accredit the security of information management
systems.
o FISMA certification and accreditation indicate that a federal agency has approved particular
solutions for use within its security requirements. In its research. About 16 percent of cloud
service providers have obtained FISMA certifications.
• COBIT
o Control Objectives for Information and Related Technology is an international standard that
defines the requirements for the security and control of sensitive data. It also provides a
reference framework.
o COBIT is a set of best practices for controlling and securing sensitive data that measures
security program effectiveness and benchmarks for auditing. The open standard comprises an
executive summary, management guidelines, a framework, control objectives, an
implementation toolset and audit guidelines. About 8 percent of cloud service providers follow
the COBIT security standard.
Security Standards: Data Protection Directive
• The Data Protection Directive is a directive adopted by the European
Union that was designed to protect the privacy of all personal data
collected for or about EU citizens, especially as it relates to
processing, using or exchanging that data.
• Similar to Safe Harbor in the U.S., the Data Protection Directive makes
recommendations based on seven principles: notice, purpose,
consent, security, disclosure, access and accountability. About 8
percent of cloud service providers adhere to the Data Protection
Directive.
In Some Ways, "Cloud Computing Security" Is No Different Than "Regular Security"
• For example, many applications interface with end users via the web. All the
normal OWASP (Open Web Application Security Project) web security
vulnerabilities (things like SQL injection, cross-site scripting, cross-site request
forgeries, etc.) are just as relevant to applications running on the cloud as they
are to applications running on conventional hosting.
• Similarly, consider physical security. A data center full of servers supporting
cloud computing is internally and externally indistinguishable from a data
center full of "regular" servers. In each case, it will be important for the data
center to be physically secure against unauthorized access or potential natural
disasters, but there are no special new physical security requirements which
suddenly appear simply because one of those facilities is supporting cloud
computing.
Bitbucket, DDoS'd Off The Air
Maintenance Induced Cascading Failures
It's Not Just The Network: Storage Is Key, Too
See http://www.engadget.com/2009/10/10/t-mobile-we-probably-lost-all-your-sidekick-data/
However, see also: Microsoft Confirms Data Recovery for Sidekick Users
http://www.microsoft.com/Presspass/press/2009/oct09/10-15sidekick.mspx
And Let's Not Forget About Power Issues
Implementing in Your Organization Project Plan
Today’s IT infrastructure is under tremendous pressure and is finding it difficult to keep up…
It will reach a breaking point
In distributed computing
environments, up to 85 percent
of computing capacity sits idle
Percentage of executives who report
a security breach and aren’t confident
they can prevent future breaches
70 percent is spent on maintaining current IT infrastructures versus adding new capabilities
Percentage of CIOs who want to improve the way they use and manage their data
Create a roadmap for cloud as part of the existing IT optimization strategy
Consolidate
Virtualize
Standardize and automate
Reduce infrastructure complexity
Reduce staffing requirements
Manage fewer things better
Lower operational costs
Remove physical resource boundaries
Increase hardware utilization
Reduce hardware costs
Simplify deployments
Standardize services
Reduce deployment cycles
Enable scalability
Flexible delivery
Adoption of cloud computing will be workload driven
• Workload characteristics determine standardization
Test for Standardization
– Web infrastructure applications
– Collaborative infrastructure
– Development and test
– High Performance Computing
– ...
Examine for Risk
– Database
– Transaction processing
– ERP workloads
– Highly regulated workloads
– ...
Explore New Workloads
– High volume, low cost analytics
– Collaborative Business Networks
– Industry scale “smart” applications
– ...
Workloads ready for cloud computing
• Analytics
– Data mining, text mining or
other analytics
– Data warehouses or data marts
– Transactional databases
• Business services
– Customer relationship management (CRM) or sales force automation
– Enterprise resource planning (ERP) applications
– Industry-specific applications
• Collaboration
– Audio/video/Web conferencing
– Unified communications
– VoIP infrastructure
• Desktop and devices
– Desktop
– Service/help desk
• Development and test
– Development environment
– Test environment
• Infrastructure
– Application servers
– Application streaming
– Business continuity/disaster recovery
– Data archiving
– Data backup
– Data center network capacity
– Security
– Servers
– Storage
– Training infrastructure
– Wide area network (WAN) capacity
Source: IBM Market Insights, Cloud Computing Research, July 2009.
Public and Private Clouds are preferred for different workloads
Database- and application-oriented workloads emerge as most appropriate
Data mining, text mining, or other analytics
Security
Data warehouses or data marts
Business continuity and disaster recovery
Test environment infrastructure
Long-term data archiving/preservation
Transactional databases
Industry-specific applications
ERP applications
Infrastructure workloads emerge as most appropriate
Audio/video/Web conferencing
Service help desk
Infrastructure for training and demonstration
WAN capacity, VOIP Infrastructure
Desktop
Test environment infrastructure
Storage
Data center network capacity
Server
Source: IBM Market Insights, Cloud Computing Research, July 2009. n=1,090
Top public workloads Top private workloads
There is a spectrum of deployment options for cloud computing
• Private: IT capabilities are provided “as a service,” over an intranet, within the enterprise and behind the firewall
• Hybrid: Internal and external service delivery methods are integrated
• Public: IT activities / functions are provided “as a service,” over the Internet
[Figure: spectrum of deployment options: Private cloud (enterprise data center); Managed private cloud (enterprise data center, third-party operated); Hosted private cloud (third-party hosted and operated); Shared cloud services (Enterprise A, Enterprise B); Public cloud services (Users A, B)]
There is a spectrum of deployment options for cloud computing
Private
Implemented on client premises
Client runs/ manages
Third-party operated
Enterprise owned
Mission critical
Packaged applications
High compliancy
Internal network
Third-party owned and operated
Standardization
Centralization
Security
Internal network
Mix of shared and dedicated resources
Shared facility and staff
Virtual private network (VPN) access
Subscription or membership based
Shared resources
Elastic scaling
Pay as you go
Public Internet
Security is among the top concerns with cloud computing...
Security Framework provides a structure to address this concern
• Data and information: Understand, deploy and properly test controls for access to and usage of sensitive data
• People and identity: Mitigate the risks associated with user access to corporate resources
• Application and process: Help keep applications secure, protected from malicious or fraudulent use, and hardened against failure
• Network, server and end point: Optimize service availability by mitigating risks to network components
• Physical infrastructure: Provide actionable intelligence on the desired state of physical infrastructure security and make improvements
Professional services
Managed services
Hardware and software
Movement from Traditional Environments to Cloud Can be in One Step or an Evolution
Clients will make workload-driven trade offs among functions such as security, degree of customization, control and economics
Businesses that implement cloud computing are seeing significant results
Reduced IT labor cost by 50 percent in configuration, operations, management and monitoring
Improved capital utilization by 75 percent, significantly reducing license costs
Reduced provisioning cycle times from weeks to minutes
Improved quality, eliminating 30 percent of software defects
Reduced end user IT support costs by up to 40 percent
Simplified security management
Concluding Remarks
Gartner view: hype cycle
But it does make sense for some functions within some organizations….
The NIST Cloud Definition Framework
Deployment Models
• Private Cloud
• Community Cloud
• Public Cloud
• Hybrid Clouds
Service Models
• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a Service (IaaS)
Essential Characteristics
• On Demand Self-Service
• Broad Network Access
• Rapid Elasticity
• Resource Pooling
• Measured Service
Common Characteristics
• Massive Scale
• Resilient Computing
• Homogeneity
• Geographic Distribution
• Virtualization
• Service Orientation
• Low Cost Software
• Advanced Security
Elasticity, Risk, and User Incentives
Services Will Prefer Utility Computing to a Private Cloud When:
• Demand Varies over Time
– Provisioning for Peak Leads to Underutilization at Other Times
– Pay by the Hour (Even if the Hourly Rate is Higher)
• Demand Unknown in Advance
– Web Startup May Experience a Huge Spike If It Becomes Popular
– Pay as You Go Does Not Require Commitment in Advance
The Value of Cost Associativity
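$$\text{UserHours}_{\text{cloud}} \times (\text{revenue} - \text{Cost}_{\text{cloud}}) \geq \text{UserHours}_{\text{datacenter}} \times \left(\text{revenue} - \frac{\text{Cost}_{\text{datacenter}}}{\text{Utilization}}\right)$$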
Cloud Is Mostly Driven by Money
Economics of Cloud Computing Are Very Attractive to Some Users
Cloud Computing Will Track Cost Changes
Better than In-House
Investment Risks May Be Reduced
Predicting Application Growth Hard
In-House, You Must Provision for Peak
• On-Premise Infrastructure: 30% Your Business, 70% Managing All of the “Undifferentiated Heavy Lifting”
• Cloud-Based Infrastructure: 70% More Time to Focus on Your Business, 30% Configuring Your Cloud Assets
Cloud’s goal: flip this equation
IBM Cloud Business Model
Hardware, labor & power savings reduced annual cost of operation by 83.8%
• Hardware Costs (-88.7%)
• Labor Costs (-80.7%)
• Power Costs (88.8%)
Liberated funding for new development, transformation investment or direct saving
Note: 3-Year Depreciation Period with 10% Discount Rate
[Figure: Current IT Spend (100%) and Strategic Change Capacity; categories: Hardware Costs (annualized), Labor Costs (Operations and Maintenance), Power Costs, Software Costs, Deployment (1-time), New Development]
Impact: Reduction of Total Cost of Ownership of
Data Center Infrastructure
Reduced Capital Expenditure
- Improved utilization reduces requirement for
new capital purchases
Reduced Operations Expenditure
- Lower facilities, maintenance, energy, IT
service delivery and labor costs
Additional Benefits
- Reduced risk, less idle time, more efficient
use of energy, acceleration of innovation
projects, enhanced customer service
Business Case Results
• Annual savings: $3.3M (84%) from $3.9M to $0.6M
• Payback Period: 73 days
• Net Present Value (NPV): $7.5M
• Internal Rate of Return (IRR): 496%
• Return On Investment (ROI): 1039%
ROI Analysis
CSPs and cloud computing
• The large CSPs have a long history of running large-scale data centers and
respective operations.
• Hence, it is natural for CSPs to offer services via the cloud paradigm, and
enter into the domain of providing enterprise-grade cloud computing
services.
o From a historical perspective the focus has been on IaaS.
o This will most probably continue, since the infrastructure services continue to be a lucrative
necessity.
• Analyst (e.g. Ovum) reports indicate that SaaS/CaaS roadmaps are
evolving within major telco CSPs.
o This is a logical growth path, as the cloud computing model leverages the telco core competences.
o CSPs already have a strong foothold in connectivity, which is essential for XaaS.
o The trend seems to be that IaaS remains the core focus, and SaaS is developed in an opportunistic
way, i.e. develop a solution to a problem, and see whether it could be reapplied for a general
business case according to SaaS.
• Most often CaaS appears to represent communication as a service,
collaboration as a service or unified communications as a service.
Why CSPs have a strategic fit for cloud computing
• Shared infrastructure
o CSPs have a long history of infrastructure, which is networked and interoperable via well-defined interfaces.
• Managed and hosted IT and communications services
o For a long time CSPs have relied on vendors’ managed-services type of professional services, which means that there is no inherent fear of outsourcing operative responsibilities.
• Data centers
o Data center operations have for a long time been the core of CSP production machines.
• Security, data integrity and trust
o These are the traditional key characteristics of telco business.
• Managed network services and end-to-end SLAs
o CSPs are familiar with end-to-end SLA thinking and KPI-based operations.
• Communications as a service
o Communications and connectivity are the bread and butter of CSPs.
• SME customer base
o The customer base of CSPs does cover SMEs, which means that they are familiar with the problems and issues within the segment.
System Lifecycles
Hyperlinked Models & Metadata
End-to-End Policies
Enterprise Cloud Computing
IT-CONTROLLED CLOUD COMPUTING
• Accelerate application delivery
• Improve IT service management
• Business obtains flexibility while IT maintains control
Application VMs
Metering & Billing Storage
Servers
Public Clouds
Private Clouds
EA & DCA
APP ARCH
IT OPS
IT OPS MGT
Policy-Based Design with Flexibility
Improved Service Delivery with Control
Consumption, Planning, Improvements
Standards & Policies
Portfolio of Virtualized
APPLICATION RESOURCES
Dynamic Availability
Efficient Consumption
Treat Cloud just like any IT project: focus, don't believe the hype, and take it step by step
MPLS SLA
Data Center SLA
Mind the SLA Gap!
Beware Lock-In
Conclusions Business
Applications
Infrastructure Software
Data Center
VPN Email
CRM Mobile
It’s what your mother told you, “Don’t put all your eggs in one basket”
Desktop
Analytics