Discussions

News: Cloud Computing: From Custom-build via COTS to SaaS

  1. Cloud Computing: From Custom-build via COTS to SaaS A decade or two ago, we built all of our applications ourselves (well, except some generic products like WordPerfect). Common practice in most organizations nowadays is to first look for Commercial of the Shelf Software (COTS) before building an own solution. But the weather is getting "cloudy" these days, and a storm is ahead. With the maturity of the Internet a third branch is emerging on the decision-tree. Is the solution available as SaaS? Yes, do it. If not, is the solution available as COTS? Yes, do it. If not, build it yourself. And after you build it, deploy it in the cloud. The facts Oracle has acquired SUN to get into the data center business. Microsoft and Google and others invest huge amounts of money to build data centers all over the world. Amazon offers virtual desktops (E2C) at a few cents per hour -and you only pay when you are logged in. Linxter offers an ESB in the cloud, Microsoft calls it the Internet Service Bus. Microsoft also offers Windows-in-the-cloud (Azure). Google offers rich email services to companies with (an ever growing) 7 GB storage at the price of one and a half cup of coffee a month. Salesforce offers business functionality at rates interesting enough to be taken seriously, no investments needed. Since the early days of the Internet suppliers offer storage in the cloud and their prices are decreasing. BPM is offered in the cloud to click together you business processes based on SaaS and your own local applications and services, using a Service Bus in the cloud and/or your own to route the messages around. Virtualization to share resources not at an enterprise level, but at a global level decreases costs with a magnitude beyond any imagination. Pay-as-you-go and fast-scale models will make any investment and so any business case in your organization superfluous. Identity services based on OpenID authenticate users in the cloud. In combination with secure federated provisioning services and legal certifications of cloud services providers, adequate levels of security are guaranteed. In the short term emotions ("This is not secure enough for us... We have different needs then other companies... It's not flexible...") will be the main speed limiter, but eventually rationalism will win: do things ourselves in-house against huge costs, dedicated for us by a provider in the cloud against high costs, or multi-tenant and virtualized with globally shared resources at extremely low costs. Now is the time for organizations to establish a vision and policies and be prepared. Retink the role of the IT-department because things will change, soon, fast and overwhelming. If you as an IT-department don't, the business units will. Because most of what the enterprise's IT-department offers will be offered in the cloud as well, very fast, very scalable, very cheap, and instantly available to everyone. No company-WAN is needed; a cheap ADSL- or cable-access point will sufice to connect the business unit's LAN to the cloud. Be prepared!!
  2. Just what we needed, more excited had-waving about the cloud.
    The facts Oracle has acquired SUN to get into the data center business.
    That's a fact? Can you offer some supporting evidence that that's the sole reason or even the main reason?
    Salesforce offers business functionality at rates interesting enough to be taken seriously, no investments needed.
    That's not a fact. Even if you have no current IT infrastructure, when you put your data into something like Salesforce you have an implicit investment. To ignore this is foolhardy.
    In the short term emotions ("This is not secure enough for us... We have different needs then other companies... It's not flexible...") will be the main speed limiter, but eventually rationalism will win: do things ourselves in-house against huge costs,
    Let me get this straight. Concern about security of your data is irrational. Being rational is jumping into a technology based on flimsy unsupported arguments while ignoring risks. What a brave new world we live in. The best is that we are right now suffering from a huge global catastrophe caused by this kind of thinking. Perhaps you mean 'rationalization' instead of 'rationalism'? I think that cloud computing is going to be a really big deal in the future but the hype is out of control. Have you done any research that substantiates the claims you are making? Any at all?
  3. Hi James, I dislike this sensational tone as much as you do, but there is some merit here. I agree we should avoid the term "cloud" so as to maintain a decent signal to noise ratio :) Where the merit lies is in the concept of software as a service (SaaS). Now this label has a clear meaning (heavens forbid :)), selling software not in a box, but on a per-use basis over the web. Technologies like Chrome and fast JavaScript VMs like V8 are beginning to make the Web Browser as an OS a reality. Many people already use google mail as their standard desktop mail client, shunning Outlook because google mail is just as good and is available from their browser. Other then invoices and the odd spreadsheet, outside developing software I seldom use desktop applications myself. I think this is true for most people. A lot of people today spend most of their computer time on the web. Once fast Javascript VMs in browsers becomes ubiquitous (which given that V8 is open source with a liberal license is only a matter of time), we will begin to see proper applications running in the browser rather then the toy apps we are use to today. The only fly in the ointment is Microsoft who some would argue are intentionally crippling Javascript in Internet Explorer so as to defend their desktop application market. I can't see them keeping this up for ever as they are already beginning to loose market share in the browser market and will need to compete with Chrome, Firefox, Safari etc who are all bringing fast Javascript engines to market. So back to ubiquity, when that arrives we will quickly begin to see software as a service taking off. There are some issues to be addressed like security for instance and their is also the issue of trusting others with your precious corporate data. For some these concerns will be paramount, for others they will be less important. The biggest problem I see is security, like you rightly point out. Some believe the best way to address security concerns is in the language itself (from the security problems TSS is having, they are probably right). There is at least one language in the pipeline that targets SaaS and the security issues that arise (yes Newspeak). Any dynamic (or static) language can be compiled to JavaScript so Javascript won't be a limitation, and could become a common "assembly language". HTML 5 will also bring databases to browsers and other useful features, so things are looking promising. Netscape always intended that the browser would evolve into an OS. If their vision finally comes true, the browser will prove to be the most disruptive technology we've had in decades. Paul.
  4. The biggest problem I see is security, like you rightly point out. Some believe the best way to address security concerns is in the language itself (from the security problems TSS is having, they are probably right).
    I'd modify that a little bit. The biggest problem is that no one's really taking security seriously. Consider if all of your medical history were hosted on a cloud. There are the obvious concerns about breaches caused by someone directly accessing the cloud from the outside. But what about from the inside of the cloud? Since clouds can be elastic, I might have your data in memory on one machine and then a few moments later, another application written by someone else may be on that instance. That application's purpose might only be to attempt to scrape interesting information from the memory it is allocated? Does Amazon wipe the memory prior to reallocating it? I would think that would increase costs, costs the consumer would bear. How long do we think it will take for exploits to try to take advantage of weaknesses inside the various clouds? Is it already happening? The scary thing is that we don't know. I recently read about an online backup service that was suing their hardware supplier because they completely lost a large amount of customer data. Ooops! If my company needed to get data back I'd be looking for a new job faster than you can say 'systemic risk'. It's not that I don't believe there's a solution to these issues but that everyone is so in love with the cloud they don't even ask about these things. Consider if we thought about our children the way we thought about outsourcing, COTS and remoting / clouds. In that world, if I have someone look after my kid, I wouldn't worry about them abusing my child. After all, they said they wouldn't and if they did, it's not my fault because they lied. Unfortunately this doesn't have the discussion attached to it but it gives you an idea of we are getting into: http://www.rationalsurvivability.com/blog/?p=567