how to plug into the cloud -...

How To Plug IntoThe CloudCloud computing is still in its infancy, and the tools and techniques for it are stillunder construction. This report explores some of the ways business technology managers can maximize benefits while minimizing risks

DEC. 12, 2008

IN THIS REPORT

The Promise And The Problems Of The Cloud . . . . . . . . . . . . . . . . . . . . . . . .2

Companies Need Cloud Control . . . . . . . . .3

Plan Now For Integration . . . . . . . . . . . . . .5

Serious Cloud Security . . . . . . . . . . . . . . . .6

Bandwidth Isn’t The Only Issue . . . . . . . . .9

Clouds Can Complicate Contracts . . . . . .10

Beware of Technology Lock-In . . . . . . . . .12

Salesforce.com and Google Expand AppDevelopment Options . . . . . . . . . . . . . . . .13

Cloud’s Role In Research Isn’t Clear . . . . .14

Copyright 2008 United Business Media LLC. Important Note: This PDF is provided solely as a reader service. It is not intended for reproduction orpublic distribution. For article reprints, e-prints and permissions please contact: PARS International Corp., 102 West 38th Street, Sixth Floor, NewYork, NY 10018 ; (212) 221-9595; www.magreprints.com/quickquote.asp

Cloud Computing HoldsPromise—And Problems

THE BEAUTY OF CLOUD COMPUTING is that little more thana user ID and a credit card will get you started.That’s the problem, too.Anything this easy is bound to create problems for IT departmentsthat aren’t prepared.

We’ve experienced this phenomenon many times before, where atechnology’s ease of adoption translates into unforeseen managementchallenges. Virtualization resulted in virtual machine sprawl; smart-phones ushered in new security risks; instant messaging raised cor-porate governance concerns.

The purpose of this report is to show IT managers how to maximizethe benefits of cloud computing—including ease of use, flexibility, andlower costs—while minimizing the risks. It’s a how-to guide to licens-ing, management tools, bandwidth, security, and architecture.

This report shows we’re still in the early stages of cloud computing,which means the tools and techniques are still evolving. After twoyears of testing, for example, Amazon Web Services’ Elastic ComputeCloud service became generally available just a few weeks ago, andenterprise capabilities such as monitoring, management, and loadbalancing are still on the road map. Likewise, Google’s App Engine isin preview mode. Microsoft’s Azure cloud services are in preview, too,available only with limited functionality to Windows developers, notother early adopters.

Yet the time to begin planning is now, both as a way of gaining hands-on experience with this new IT delivery model—including the glitchesand gotchas—and of getting ahead of people inside your company whomight be contemplating tapping cloud services on their own. Here’show to get started.

Strategy

It’s easy to getstarted, but hard

to get right

2 Dec. 12, 2008 © 2008 InformationWeek, Reproduction Prohibited


Management Companies Need A CloudThat’s Under Control

By John Foley

TOOLS FOR MANAGING CLOUD SERVICES range from easy-to-use dashboards that let you create virtual software stacks in minutes toenterprise-class platforms that handle a full range of provisioning andmanagement tasks. The further you get into cloud computing, the moreyou’ll need those higher-end tools.

Amazon.com, Google, and other cloud service vendors provide the basictools to get started. The administrative console in Google’s App Engine,for example, shows traffic levels, bandwidth and CPU utilization, anderror rates of Google-hosted apps, and lets you dig into the log file forother detailed data. You also can use it to control administrative rightsand manage application upgrades.

However, App Engine is still in “preview” mode, which means thosetools will max out as requirements increase. “We’re still missing somepieces,” admits Google product manager Pete Koomen.

Cloud service providers, startups, and systems management vendorsare scrambling to give customers more full-featured tools to manageresources in cloud environments.Amazon says a new management con-sole and cloud-monitoring capabilities for its Elastic Compute Cloudservice are “coming soon.” Amazon already provides basic functionality,such as the ability to create Amazon Machine Images using a com-mand-line interface. The console will let users configure and manageEC2 resources, while the monitoring capabilities will include real-timemetrics on EC2 instances and “availability zones”—those parts of theAmazon infrastructure that customers select for redundancy and max-imum availability. Load balancing and auto-scaling also are in Amazon’s2009 plans.

Companies that specialize in cloud management are another option.RightScale’s platform—offered as a hosted service—includes a manage-ment dashboard, database and Web site management, batch processing,multiserver deployment capability, and the ability to scale automatical-


ly. A bare-bones developer’s edition isavailable free, but most IT depart-ments will need one of RightScale’sthree other editions (Website, Grid,

and Premium), which start at $500 amonth plus a one-time fee of $2,500.

Founded last year, RightScale got its start withAmazon Web Services and is now expanding tomanage other public cloud services, includingFlexiScale’s and GoGrid’s. RightScale also has aversion of its platform for the University ofCalifornia at Santa Barbara’s Eucalyptus PublicCloud, an implementa-tion of the open sourceEucalyptus software forcloud computing on clus-tered servers. It’s essen-tially a research and test-ing project, but the goal isto be able to manage pub-lic clouds and Eucalyp-tus-based private cloudsfrom RightScale’s dash-board.

AS EASY AS WEB APPS

IT departments experi-enced at managing Webapps and infrastructurewill find that cloud com-puting has similarities. “If you can manage Webapps, you can manage cloud apps,” says JavierSoltero, CEO of Hyperic, which has a version ofits Web application monitoring software thatruns in Amazon Web Services.

Hyperic IQ consists of a central managementserver—which typically runs on a company’son-premises server—and agents that reside onWeb servers and report back to the manage-ment server with availability, performance, andother metrics. With the just-released IQ 4.0, theHyperic server has been configured as an Ama-

zon Machine Image in EC2. For IT administra-tors, that means ease of deployment, subscrip-tion pricing, and faster performance. HypericIQ’s capabilities include auto-discovery of soft-ware, diagnostics, alerts, analysis and reporting,and other tools.

Beware of an out-of-sight, out-of-mind attitudetoward cloud apps. “The notion that, becauseyou’re deploying an application in the cloud, it’sinherently free from monitoring and manage-ment is one of the great lies of cloud comput-ing,” Soltero says. “Code is inherently flawed

and technology breaks, soyou’ve got to be able tomonitor that.”

Kaavo also specializes inmulticloud management.The startup’s platform sup-ports server monitoring,LAMP software configura-tion in the cloud, load man-agement, software audits,patch management, run-time configuration man-agement, and notificationsand alerts. Kaavo’s Infra-structure and MiddlewareOn Demand software hasbeen out in a free test ver-

sion; a general release is due soon. In Kaavo’sfavor is its management team: Founder andCEO Jamal Mazhar is a Sun-certified J2EE ar-chitect, and CTO Shahzad Pervez is a formerdirector of IT and enterprise architect at majorcompanies.

Leading systems management vendors arebringing new controls to the cloud, too. IBM’sTivoli unit plans to inject cloud managementinto its Service Request Manager, ProvisioningManager, and Monitoring products, says DennisQuan, IBM Software’s director of development

Cloud ChecklistEXTEND your IT architecture to workwith cloud services

STANDARDIZE on one or two cloud service providers

DEPLOY enterprise-class monitoring and management tools

MOVE toward federated identitymanagement if warranted

ENCRYPT data stored in the cloud whereappropriate

DEVELOP a backup plan in case your cloud service fails

ADD bandwidth to support an increase in network traffic

AVOID vendor lock-in by opting for open standards


for autonomic computing. IBM also wants toboost confidence in cloud security by givingcustomers greater control over the systems thathouse their data in the cloud, although Quandidn’t say how IBM will do that.

Microsoft’s answer to cloud management is stillin development. It introduced the Windows Az-ure operating system and related Azure Ser-vices Platform in October but hasn’t said whenAzure cloud services would be available, al-though the development tools and basic build-

ing blocks for getting started are available to de-velopers. Also in October, senior VP Bob Mugliademonstrated a version of Microsoft’s SystemCenter enterprise management platform, code-named Atlanta, that will run in Microsoft’scloud.

As all this activity shows, vendors are hurriedlydeveloping enterprise-class controls for emerg-ing cloud services. The challenge for IT admin-istrators is to get the tools in place before cloudservice adoption takes on a life of its own.

Architecture Time To PlanFor Integration

By John Foley

IT WOULD BE EASY TO IGNORE the technologies behind cloud ser-vices, but it also would be a mistake. Business technology pros must en-sure that cloud services integrate with their enterprise infrastructures.That requires an architecture that spans both.

The components of cloud computing are the same as those in data cen-ters: programming languages, operating systems, databases, Web serv-ers, protocols, APIs.The task is to identify cloud services that are a goodfit with your internal systems, applications, and expertise.A comparisonof Amazon’s Elastic Compute Cloud, Google App Engine, and WindowsAzure services shows how that might work.

Amazon’s EC2 lets customers pick from a software smorgasbord: Win-dows Server, OpenSolaris, and seven Linux flavors; the MySQL, SQLServer, and Oracle 11g databases; and the Java, JBoss, and Ruby on Railsdevelopment environments.

Google’s forte is simplicity. App Engine lets users tap into Google’shomegrown database and other infrastructure software, and APIs pro-vide access to caching, imaging, mail, and other application services.Python is the only programming language supported, although Google


Data Protection Get Serious AboutCloud Security

By Adam Ely

DEVELOPERS LOVE THE DEPLOY-AND-GO functionalityof cloud computing, businesses like the prospect of reduced infra-structure costs, and users are happy if they get new features faster.People in charge of information security, however, are scratchingtheir heads over how to securely move applications and data to thecloud.

A long-held goal of IT is to consolidate identity management tech-nologies and processes; cloud computing risks setting that back adecade.

Organizations could extend their directory services authentication

says it intends to add support for others in thefuture.

Both Windows Azure and Azure Services Plat-form are cut from the same cloth as Microsoft’son-premises enterprise line. Azure compriseshosted versions of SQL Server, SharePoint, Dy-namics CRM, and .Net Services, and it’s devel-oped in Visual Studio and the .Net Framework.Microsoft says Azure will support open proto-cols (HTTP, REST, SOAP, XML) as well as non-Microsoft languages (Eclipse, Ruby, PHP, andPython).

For IT pros who need to sketch out a cloud ar-chitecture, much of the granular informationneeded is available on service providers’ sites.Amazon has a white paper on cloud architec-tures that’s worth a read for anyone trying tocome up to speed.

Your blueprint should take into account thepossibility of cloud services from multiple ven-dors, so think about how you would accomplishinteroperability and application integration.Stuart Charlton, senior software architect ofcloud computing startup Elastra, recommendsREST and the Atom Syndication Format asunderlying specifications in a global cloud ar-chitecture. Standards for federated identitymanagement also are key, he says.

Dennis Quan, IBM Software’s director of devel-opment for autonomic computing, says service-oriented architectures already make it possibleto connect cloud services in “standards-compli-ant ways.”

The next trick will be to transplant servicesfrom one cloud to another. The specs to do that,Quan says, are still in their infancy.


outside their environments to copewith applications and even systemsin the cloud, but that approach couldleave authentication systems vulner-

able if third-party systems are compro-mised. Or a company could implement a newsolution with a separation between the cloudand existing infrastructure management. Thedownside is having to integrate multiple identi-ty and access management systems. The unap-pealing alternative is to go back in time andmanage the cloud separately.

Luckily, some cloud vendors are working on theproblem. Google offers the ability to tie GoogleApps into existing single-sign-on implementa-tions, increasing security and simplifying man-agement. One company we spoke with that hasa large Internet presence deployedan edge authentication server tolet cloud systems authenticate viaLDAP. Another extended its Web-based authentication protocols towork from external sources andauthenticate to its internally host-ed systems via Web services.

DATA LOSS AND BACKUPS

Where’s the data stored, who hasaccess, and is it safe? Those are thebig questions, because few cloudvendors—with the exception of anumber of software-as-a-servicecompanies—have a long record ofhandling sensitive data. Unlessotherwise advised, expect data tobe on shared storage and potential-ly at risk. Truth is, we take riskswith data even inside our own or-ganizations. Apply the same bene-fit-to-risk measure used for in-house data to the cloud, thendecide what can go to the cloud and

how to protect it. That requires knowing andverifying the vendor’s standards and how muchthey can be adapted.

When using services such as Amazon’s ElasticCompute Cloud, companies can apply dataencryption within the operating system, appli-cation, or database management system run-ning in the virtual instance. Other services,such as application hosting, require morethought when developing the application toensure that security measures such as encryp-tion are built in.

Companies should be worried about data lossno matter where their data lies. Amazon knowscomputers fail, so it advises companies to planfor failure through redundancy and backups.

Data: InformationWeek survey of 172 business technology professionals receiving or considering cloud services

Security

Control

Performance

Support

Vendor lock-in

Configurability

Speed to activate new services/expand capacity

% concerned or very concerned

57%81%

67%

64%

58%

57%

45%

44%

Are you concerned with the following issues as they relate to cloud computing?

Get the latest cloud research in our Analytics Report, “A Walk In The Clouds”: cloudcomputing.informationweek.com


Some cloud vendors provide backupservices or ways to export data socompanies can create their ownbackups, while others require that

customers use custom or third-partyapplications.

Keep in mind these critical factors:

>> How will backups be performed? Somecloud vendors perform backups, but more like-ly you’ll want to conduct your own. Many cus-tomers of Amazon’s EC2 also use Amazon’sSimple Storage Service or Elastic Block Storagefor storage of backup files.

>> Can backups be tested? And if the service isdown, can you access the backups?

>> Where will the backup data reside? It couldbe on a cloud storage system, hosted by theprovider, or transferred to your own infrastruc-ture. Regardless, you’ll still need to know howdata’s protected when the backups are in stor-age and transit.

MANAGEMENT AND MONITORING

Companies’ information security teams spendtime monitoring vulnerability mailing lists,patching systems, and rewriting code to fixflaws. In the cloud, they’re trusting a vendor forat least some of that due diligence. Few vendorsprovide a way to verify their security practices,though some are becoming more forthcoming.When using cloud systems such as Joyent orAmazon’s EC2, companies can apply security atthe OS, database, and application layers, butthey’re still relying on the vendor for network,storage, and virtual infrastructure security.

While cloud customers don’t control the actualpatching and monitoring for vulnerabilities,they’re still accountable for managing their

risks. So they need to assess what needs to beprotected and how to safeguard those assets,including layering on security measures aroundcloud infrastructure. Even then, regulationssuch as the Payment Card Industry (PCI) stan-dards may throw a curve ball, since there’s noclarification from the PCI council on how cloudproviders are classified. That could meanthey’re treated slightly differently from auditorto auditor.

Customers of cloud services must demand as-surances that they can monitor who has accessto their data. Companies that require detailedaudit trails should employ data encryption, oruse cloud providers only for apps that interactwith data that’s not particularly sensitive.

This is an area that’s likely to improve quickly.Google has said Google Apps passed a SAS 70Type II audit of its security processes. Expectmore vendors to tout their security standards,since security remains a big reason companiesbalk at moving an application to the cloud.

However, internal information security teamsshouldn’t wait for vendors to up their securitygame. Cloud computing will be increasinglyattractive for everything from desktop applica-tions to server hosting. Applications requiringhigher security, such as HIPAA- or PCI-relatedapps, may be more difficult to certify in thecloud and thus be better served in-house. Com-munity apps and content sites are better candi-dates.

Business technology teams must decide whatthey’re comfortable putting in the cloud. Butthey also must understand that the cloud ulti-mately will be part of the infrastructure, andit’ll be up to them to figure out how to securelyconnect their enterprise systems to a cloud in-frastructure.


WHEN ONE REGIONAL BANK decided to move forward witha Salesforce.com rollout after a successful pilot, it skipped planning for theincreased bandwidth it would need. The bank paid for that mistake whenemployees’ Internet access suddenly slowed to a halt.

The explosion of data traveling on the Web could foreshadow a bandwidthcrunch for companies that don’t invest in bigger pipes. But bandwidth isn’tthe only potential network problem. The long distance that data travelsraises latency worries, and the Internet’s uncertain stability coupled withthe black box of a service provider’s data center make for reliability concerns.

Companies can mitigate some of these worries by upgrading their pipes.One health care company increased bandwidth fivefold to move back-endbatch transaction processing into Amazon Web Services. Fortunately, band-width prices continue to fall, but companies still need to plan carefully.

Technologies such as Packeteer’s PacketShaper can help assess trafficflows, and most firewall vendors have 30-day free trials of reporting serv-ices that can tell companies how much bandwidth they’re using. Band-width requirements from cloud services providers tend to be unreliable orhard to get, says Mike Healey, CTO of network integrator GreenPages, socompanies should estimate bandwidth demand based at least in part ondata from pilot tests.To be ready for peak demand, companies should planfor enough bandwidth so that their pipes average no more than 75% uti-lization, Healey says.

Redundancy is just as critical as extra bandwidth. Not planning for failoveris “the biggest mistake we see clients make,” says Healey. Multiple telecomcompanies provide last-mile Internet access in most metropolitan areas.

Also, even if a company upgrades bandwidth,it could encounter perform-ance lags if a cloud service provider’s closest data center is 3,000 milesaway. “People talk about connectivity and throughput ... but latency is alsoa big deal, even within the cloud, because you’ve got distributed environ-ments and customers talking to customers,” says Glenn Dasmalchi, techni-cal chief of staff to Cisco’s CTO.

Networking Bandwidth And Beyond

By J. Nicholas Hoover


High-performance, low-latency demands comefrom apps such as those for calculating marketrisk or melding components into a compositeapp.They’re part of the reason Amazon has builtits content delivery network with data centers atpoints around the world, to act similarly to cach-ing services from Akamai or Limelight. Ask ven-dors what they’re doing to reduce latency.

Companies needing more efficient bandwidthfor cloud computing also can use load balancers.One software startup pushed most of its infra-structure—storage, processing, the developerenvironment—into the cloud and invested in 1050-Mbps Verizon Fios lines, with one Radwareload balancer to aggregate bandwidth into theequivalent of one 500-Mbps line. With comingWAN optimization standards and data-intensivecommunication between the cloud and on-premises environments, Dasmalchi expectsWAN optimization also will have a role to play in

accelerating traffic among cloud computingproviders, ISPs, and cloud computing users.

Although cloud computing brings some newnetwork headaches, it also may cure others. Forapplications moved to the cloud, network ad-ministrators should have less work tweakinginternal network architecture, since they’re onlyproviding a connection to the cloud providers’data center.

While potential cloud customers get their ownnetworks ready for the task, they should askcloud providers about their networks: who theyuse for backhaul, whether connections are re-dundant, where data centers are located. “Ideal-ly, you would want to see their network design,”Healey says. While the burden might be on thecloud vendor to build an adequate network, it’son the buyers to do their homework to makesure it’s solid.

BUYING CLOUD SERVICES IS VERY DIFFERENT from buying pack-aged software when it comes to the legalese. At its most basic, just aboutanyone can sign up for services by filling out a few Web forms. Most compa-nies, however, are going to want some more official license agreement tai-lored to their needs, and that’s where things can get more complicated.

Providers typically follow one of two approaches with their cloud serviceand SaaS licenses—by the person, or by usage. Microsoft Exchange Onlinecosts $10 per user, per month, for example. Others charge per transactionor per gigabyte of data exchanged; Amazon S3 storage costs between 12and 15 cents per gigabyte of storage and between 10 and 17 cents per giga-byte of data transfer in the United States. Some providers use a hybrid ofthe two approaches.


Service Contracts Negotiate, Then PlugInto The Cloud


While one of the big appeals of the cloudis its scalability, companies should knowwhat the limits are. Service providersoften cap service levels based on what

they think a customer can pay, accordingto Ed Sullivan, CEO of Aria Systems, which pro-

vides billing services to cloud providers. Forsmall businesses, that can limit customers to$10,000 worth of a service per month.

With SaaS, providers increasingly are sellingbundled versions that range from basic to highend. Microsoft sells a cheaper “deskless worker”version of Exchange Online that gives access tothe basic version of Outlook Web Access, ratherthan the Outlook client. There’s a free version ofGoogle Apps, and a premium version with somebusiness guarantees.

Like any technology, the more SaaS and cloudcomputing services a company buys, the moreleverage it’ll likely have with the contract andprice. Microsoft, for example, gives discounts ifbuyers wrap their services into an EnterpriseAgreement. Amazon charges less as customersuse more of S3 and EC2. As cloud computingbecomes more popular, and companies startmaking bigger deals, vendors are having to getflexible.

SHARED LIABILITY NOT INCLUDED

SaaS and cloud computing carry a degree of un-certainty in terms of security, uptime, perform-ance, and stability. With packaged software, in-house IT pros handle problems. But in the cloud,companies must rely on the service provider tominimize risks, and that needs to be spelled outin the contract, says Robert Scott, an attorneywho represents both vendors structuring theirlicenses and business customers negotiatingcloud contracts.

Standard terms often say little about many im-portant topics related to risk, Scott says. For ex-

ample, if there’s a security failure in a servicethat compromises financial data, an organizationmight be required to notify customers understate or federal law, and potentially face legalaction. “Who pays for that?” Scott asks.

Much of this negotiating is similar to that of anoutsourcing agreement, including scrutinizinglicenses with the end of the relationship in mind.Companies should make sure the terms andconditions lay out how to get data back if theydecide to leave the service or can’t pay for it, orif the provider suddenly shuts down. Customersneed to know how they’ll get data from the serv-ice provider, and how to use that data once theyhave access to it.

SLAS: COMPLEXITY AND LIMITS

The service-level agreement is another piece tothe puzzle. Most cloud providers give some sortof refund if the service is down for a certain per-centage of time each month, as measured by theservice provider responding pings, or data re-quests, from the customer. Negotiating a strong-er SLA will cost a pretty penny, says WarrenRoss, Capgemini’s global director of IT productmarketing, because services get more expensivewith specialized SLAs attached.

Most companies, like Salesforce.com, excludeplanned downtime from SLAs, so if the vendortells you about a planned outage, there’s no re-fund. There tends to be a good bit of planneddowntime, and it takes away from the value ofSLAs, says Divakar Jandhyala, CEO of SaaSbilling and metering startup eVapt.

That said, SLAs are getting stronger and in somecases more complex, much as they did as Webhosting became mainstream. For example, Mi-crosoft’s Exchange Hosted Filtering serviceincludes five SLAs: for uptime, one each for anti-spam and antivirus effectiveness, one for laten-cy, and another for performance.


Microsoft has tiered SLAs for Exchange Onlineand SharePoint Online. The starting point is a99.9% availability SLA; if that’s missed, custom-ers get a 25% monthly credit. At less than 99%,customers get a 50% credit.And if there’s a majoroutage or a virus outbreak, customers get a 100%refund for the month.

However, companies negotiate SLAs hopingthey won’t have to use them. A retailer won’t behappy with a 5% refund of monthly fees if itsWeb site goes down on Cyber Monday.

Other elements of a cloud computing licenseshould include a written understanding that theservice provider will meet compliance demandsand protect intellectual property.

Licensing cloud services is at once simpler andmore complicated than using packaged software.The services are easy to buy, and many comewith standard SLAs that offer a reasonable levelof protection. But to ensure all areas of risk andliability are covered, keep those negotiatingskills—and a lawyer’s phone number—handy.

IT PROFESSIONALS ARE ALL TOO FAMILIAR with the consequencesof addicting their organizations to proprietary programming languages,means of storing information, and other technologies.

Where open standards exist, the likelihood of costly and painful migra-tions down the road are somewhat mitigated. But where no or few stan-dards exist—as is currently the case in cloud computing—the odds of get-ting locked in increase, as does the potential cost of switching should sucha move become necessary.

Data is one of the biggest concerns. On-premises systems afford morecontrol over how and where applications keep data. With cloud-basedsystems, particularly turnkey solutions, schemas are solution-specific.Just because your data can be downloaded out of one cloud doesn’t meanit will easily transfer into a competitor’s platform, cloud or not.

Source code can be another problem, particularly with platforms in thecloud. Between actual code and any forms that may have been developedin the cloud, can any of it be reused elsewhere, or will a rewrite be re-quired? When Sun’s Project Caroline makes its debut, one of the expect-ed features is a scalable cloud for running Java code. Although this speaksnothing of where the data is kept, one advantage of Java is its portability

By David Berlind

System Management The Perils Of Lock-InApply To Cloud, Too


not just to on-premises solutions, but also tosomething in between, like a Java applicationserver running in Amazon’s Elastic ComputeCloud.

Another potential lock-in point occurs whenvirtualization technologies are in play. To theextent that your “systems” are supported by vir-tualization, it’s important to realize that not allvirtualization technologies are created equal.

Many providers advocate the use of virtualmachines to bridge the gap between on-prem-ises computing and cloud computing. For ex-ample, virtualize your servers locally, thenmove them into the cloud. But does the targetcloud support your virtualization technology ofchoice? It’s an area where the dearth of stan-dards has given rise to specialists like rPaththat help level the playing field between dis-similar platforms.

WITH SEVERAL CONNECTIONS between the two companies’services already announced, Salesforce.com and Google have decided totake their relationship to the next level. The two will connect the GoogleApp Engine with Salesforce’s Force.com Web application platform.

Google App Engine apps will now be able to connect to Salesforce data,while Salesforce users will get the ability to develop Web apps in Pythonand take advantage of Google’s authentication services. For example, cloudapplication development and integration startup Appirio worked with Har-rah’s to create a proof-of-concept Web app mashing together a slot ma-chine game that uses Google App Engine with a site for VIP guests that’shosted by Force.com sites.

The new app simply combines the two applications, and imagines that thenew slot machine app could be used as a chance for VIP guests to poten-tially win awards like free Elton John tickets. Since the system is connect-ed to Salesforce CRM, guests could be able to pick those prizes up as soonas they arrive at the hotel and Harrah’s could track how well guests re-spond to the games.

Superficially, Force.com and Google App Engine may seem to be competi-tors, but Google App Engine has focused more on consumer and tradition-al Web applications, while Force.com has primarily focused on SalesforceCRM-attached business apps. “This partnership brings the best of both


App Development Salesforce.com, GoogleExpand Partnership


worlds together,” Salesforce VP of platform mar-keting Adam Gross says.

In a blog post, Google also suggests a few exam-ple applications that could take advantage ofGoogle App Engine and Salesforce: a large-scaleconsumer Web application that offers personal-ized experiences for customers, and an onlinemarketing app that “generates leads directly.”

The new deal ramps up an already broad partner-ship between Google and Salesforce. Starting in2003, the two companies started working togetheron philanthropic efforts.Three years later, the twocompanies announced the integration of GoogleAdWords and Salesforce CRM; more than 10,000customers use Salesforce for Google App Enginetoday.A flood of work since then has led to Sales-force for Google Apps, Force.com for Google DataAPIs, and open social network initiative Open-Social. Five of the top 10 most popular apps onSalesforce’s AppExchange Web app directory arerelated to Google in some way.

Salesforce has been expanding its partnershipbase far beyond Google.At the company’s recentDreamforce conference, Salesforce announcedpartnerships with both Facebook and Amazon.Force.com applications can now be built with

Amazon S3 for permanent storage capabilities,while the Salesforce-Facebook connection hasdriven Appirio to build an application to facili-tate employee job referrals by matching its em-ployees’ Facebook friends with job openings atAppirio.

Gross says customers should expect more part-nerships going forward. “There are going to bemultiple clouds and they need to be easily andwell connected,” he says. “A lot about what we’relearning about collectively are what are the fea-tures we need to build into our platforms to worktogether better.”

Even traditional software vendors—whomSalesforce has consistently detracted—look to bepotential partners going forward as they investmore and more in the cloud, Gross says.

Despite the stated desire to share the wealth, notall is well with Salesforce’s relationships withother cloud vendors. According to Zoho CEOSridhar Vembu, Salesforce wouldn’t allow Zohoto integrate with Salesforce.com and sell its var-ious software-as-a-service offerings on Sales-force’s AppExchange Web application directoryunless Zoho first agreed to shutter the doors toits CRM service.

CLOUD COMPUTING CAN PROVIDE NEW POSSIBILITIES forpowerful, flexible, and cost-effective collaboration and innovation in med-ical research and health care, but there are some pretty big dark cloudshanging in the way.By Marianne Kolbasuk McGee

Collaboration Cloud Role In Research,Health Care Isn’t Clear


That seems to be the consensus amongresearchers and technology leaderswho met with representatives fromAmazon.com and a handful of other

vendors at a recent forum in Boston toexplore the possible roles cloud computingcould play in the biomedical and health carefields.

At the event, sponsored by Harvard MedicalSchool and Amazon Web Services, a few dozenexperts pondered the possibilities of cloud com-puting in their work. Participants includedhealth care IT leaders, academics, biomedical re-searchers, medical and scientific consulting firmrepresentatives, and officials from vendors likeAmazon, Oracle, and Hewlett-Packard.

Because of its elasticity, scalability, pay-as-you-go model, and other characteristics, cloud com-puting can potentially provide huge cost savings,flexible high throughput, and ease of use forresource-strapped biomedical researchers whoneed to collect and crunch terabytes of complexinformation, such as human genomic data, in thepursuit of medical discoveries.

In addition, Web-based servers, storage, data-bases, and other cloud computing infrastructure,software, and services offer an attractive plat-form for collaboration among medical research-ers across the globe, as well as for public-healthofficials across the United States.

Despite the cloud’s allure for heavy-duty med-ical research and data-intensive health-relatedapplications, there are some big hurdles stand-ing in the way. For one, government regulationsregarding privacy and security make puttingmedical data up in the cloud risky if there’s anychance the data—for instance, information aboutgenomic or health issues—could somehow betracked back to specific patients.

Researchers and tech experts at Harvard Med-ical School, Partners HealthCare, and Children’sHospital Boston are investigating or in early de-velopment of specific research and other appli-cations that tap into the collaborative, flexiblenature of the cloud.

Ken Mandl, a researcher and physician withroles at Harvard Medical School and the infor-matics group at Children’s Hospital Boston, isinvolved with ongoing development of severalpublic-health surveillance applications for Mas-sachusetts and at the national level. The cloudcould, for instance, provide a flexible platformfor public-health departments to upload healthdata in a timely manner to assist state andnational health officials in the early identifica-tion and tracking of disease outbreaks, environ-mental-related health problems, and other is-sues, says Mandl.

But many questions persist right now—such aswhether public health departments can legallyallow patient data to reside on the cloud, how tostandardize applications used for those purpos-es, whether vendors like Amazon and otherswould allow “their part of the cloud” to be usedfor public health purposes, and data security andprivacy issues, Mandl says.

“Health data is always in a special category,” saysMandl. “Laws around it are different, and thereare many special interest groups to protect it.”

At Harvard Medical School, the laboratory ofpersonalized medicine is already using somecloud-based services, including Amazon SimpleStorage Service (S3) and Amazon Elastic Com-pute Cloud (EC2) for translational science andsimulation research work.

“It’s like a virtual lab,” says Peter Tonellato,senior research scientist at the Harvard Medical


School Center for Biomedical Infor-matics. He says the platform “fits thevision of ubiquitous access to the labon the Web regardless of location.”

Using the platform, researchers can do“cool analysis” of clinical and genetic data using“clinical avatars,” or simulated representationsof patients, he says.

“Clouds are here to stay,” says Tonellato, whopredicts that many research organizations willtransition to private/public cloud infrastructuresfor elasticity and cost-efficiency in their dataanalysis work.

DATA AND COST SHARING

The cloud can also provide a resource for collab-oration and knowledge-sharing in data-inten-sive research and analysis, especially in thehealth and biomedical arena, says Jill Mesirov,chief informatics officer at Broad Institute. Mes-irov describes her organization as “a genomicscenter on steroids,” because of the multiple peta-

bytes of genetics data the institute’s “infrastruc-ture collects, analyzes, and archives.”

The cloud provides a platform that can help “in-corporate prior knowledge” among the work ofbiomedical researchers across the country, aswell as an infrastructure that supports “dynamicscaling” for the variable demands that complexgenomic data analysis requires, Mesirov says.“It’s very expensive to run and maintain all thatequipment. The idea of sharing this with othersis compelling,” she added.

For its part, Amazon in recent weeks unveiledthe AWS Hosted Public Data Sets, or “PublicData Computing Initiative,” which provides onthe cloud a “hosted-for-free, centralized publicrepository” for data—such as U.S. census andhuman genome research data—useful to re-searchers, says Adam Selipsky, VP of AmazonWeb Services.

how to plug into the cloud -...

Documents