InformationWeek Stories by Joe Masters Emison

InformationWeek Stories by Joe Masters Emisonhttp://www.informationweek.comInformationWeeken-usCopyright 2012, UBM LLC.2013-05-13T08:00:00ZIT's Attitude ProblemFew of our 446 respondents will change their IT strategies as result of the cloud. That spells lost opportunity.http://www.informationweek.com/cloud-computing/software/its-attitude-problem/240154541?cid=RSSfeed_IWK_AuthorsCloud computing has widened the already pronounced rift between business executives and stereotypical IT throwbacks who think data is safer on internal Windows 2008 servers that get patched every quarter, whether or not they need it. There are a few members of the latter camp among the 446 business technology professionals from companies with at least 50 employees responding to our InformationWeek 2013 State of Cloud Computing Survey. They made comments such as "I won't trust my checkbook to the cloud, why should I trust anything else?" and "Another IT fad filled [with] flaws and glitches."   <div class="inlineReportPromo right"> <div class="reportHeader"><a href="http://informationweek.com/reports/2013cloud/?cid=pub_analyt__iwk_2013021?cid=pub_analyt__iwk_20130211" target="_blank">2013 State of Cloud Computing</a> </div> <img src="http://twimgs.com/informationweek/1366/366CS_part2_reportbox.jpg" width="175" height="109" alt="2013 State of Cloud Computing" title="2013 State of Cloud Computing" class="reportCover" /> <div class="reportInfo"> Our full <a href="http://informationweek.com/reports/2013cloud/?cid=pub_analyt__iwk_2013021?cid=pub_analyt__iwk_20130211" target="_blank">2013 State of Cloud Computing</a> report is free with registration. Download it <a href="http://informationweek.com/reports/2013cloud/?cid=pub_analyt__iwk_20130211" target="_blank">here.</a> This report includes 28 pages of action-oriented analysis, packed with 22 charts. What you'll find: <ul> <li>Why cloud SLAs never will be compensatory &#8212 and that's OK</li> <li>Top methods for automating workloads</li> </ul> <center><a href="http://informationweek.com/reports/2013cloud/?cid=pub_analyt__iwk_20130211" target="_blank">Get This</a> And <a href="http://reports.informationweek.com/">All Our Reports</a></center> </div> </div>  These results reinforce a trend we saw in our recent Standardization Survey, which yielded this gem: 76% of IT professionals believe that it's better to err on the side of tighter standards, whereas only 55% of those same pros believe their companies' senior business leaders feel the same. This means IT is either inept at communicating why it does what it does (including resisting the cloud) or fundamentally misaligned with the needs and priorities of the organization. Unfortunately, based on our new cloud survey, we're pretty sure it's the latter. The cloud's core benefit is that it lets us selectively outsource tasks we used to have to do ourselves. Tech organizations that use the cloud can focus on their core competencies and may need fewer IT resources, so it's no wonder that large IT departments are hostile to it. But as long as their answer to the cloud is like those survey comments -- idiosyncratic, irrational and irrelevant objections -- IT will gradually become less and less involved with the adoption, use and support of information technologies across their companies, as business units make their own "shadow" IT purchases. Sadly, many respondents don't seem to get that. We saw only an 11% increase in infrastructure-as-a-service adoption compared with 2012, from 27% to 30% among companies using public cloud services, and don't anticipate significantly faster growth in the next 12 months. Why the negativity? Our survey comprises primarily IT professionals -- executives, managers and staff -- at larger organizations; 62% have at least 1,000 employees, and companies with fewer than 50 employees were removed from the results. Given that, it's likely larger companies that are moving slowly. While this may seem prudent from a risk management (and job-keeping) perspective, it exposes these companies to significant competitive threats that may not be adequately captured in risk and opportunity evaluations. <center><img src="http://twimgs.com/informationweek/1366/366CS_part2_chart1.jpg" width="590" height="333" alt="chart: Which of These Types of Providers Does Your Company Use?" title="chart: Which of These Types of Providers Does Your Company Use?" hspace="0" vspace="0" border="0" style="margin-bottom:7px;" /> </center> There is some movement, however. We saw a 29% increase (14% to 18%) in the percentage of respondents who have replaced or fired a cloud provider. This speaks to one of the core advantages of outsourcing IT services: These shops are much less likely to have dedicated staff and hardware that can create inertia around the operational aspects of change. Instead, business needs are a larger part of the decision, and IT can implement changes faster. We're not saying respondents don't have some valid concerns about the cloud. Let's look at a few. >> Maturity: One striking survey result is a drop in use of software-as-a-service (57% to 49%) and platform-as-a-service (42% to 36%) from 2012 to 2013. However, we saw overall increases in cloud usage (33% to 40%), which showed up in virtualization for private and hybrid clouds (56% to 64%) and IaaS (27% to 30%). This suggests that companies are retreating from early adoption of services that may be too "beta" (like PaaS) or that cede too much control to cloud vendors (like SaaS). >> Risk of security or performance problems: Most respondents now see using a cloud vendor as carrying equal or less risk than engaging a noncloud vendor (51% in 2013 vs. 45% in 2012), although very few see cloud vendors as being less risky (7%). Similarly, cloud vendors are seen as providing equal or better performance compared with on-premises applications, although the percentage saying so has dropped since 2012 (77% in 2013 vs. 81% in 2012), and fewer respondents say that cloud application performance is improving (34% in 2013 vs. 44% in 2012). >> Loss of control: It makes sense that companies want to adopt new technologies slowly. Moreover, the cloud ultimately is about handing over control; in the case of SaaS, business units can (theoretically) own the relationships with vendors, cutting IT out entirely. If CIOs want to retain influence, we would expect to see greater adoption of IaaS as well as virtualization and private cloud, which are arguably less disruptive to the control structure than SaaS and PaaS. And this is exactly what we find in the 12-month planning question, where planned IaaS adoption among those using or expecting to use cloud services has jumped 42% compared with 2012. <center><img src="http://twimgs.com/informationweek/1366/364F2_chart1.jpg" width="590" height="376" alt="chart: Cloud Vs. In House" title="chart: Cloud Vs. In House" hspace="0" vspace="0" border="0" style="margin-bottom:7px;" /> </center> Gartner has been so bold as to predict the "end of the traditional sourcing model" in favor of cloud-based services, with SaaS, PaaS and IaaS taking more market share than traditional sourcing by 2015. Trending data from our State of the Cloud Survey since 2010 shows companies that adopt cloud computing generally aren't going back to on-premises deployments. In other words, the cloud isn't all hype; it does deliver, otherwise services would be rolling back to internal IT. Startups, non-IT business units, consumers and the media all recognize the value. It's painfully ironic that the biggest source of griping and inertia is the department that could benefit the most.  2013-04-17T22:13:00ZStrategy: 3 Steps to a Hands-Free Cloudhttp://reports.informationweek.com/abstract/5/9900/Cloud-Computing/Strategy:-3-Steps-to-a-Hands-Free-Cloud.html?cid=RSSfeed_IWK_Authors2013-04-17T08:00:00ZWhy PaaS Is The FuturePlatform-as-a-service will become standard for Web applications. It's time to evaluate your options and plan a migration strategy.http://www.informationweek.com/cloud-computing/platform/why-paas-is-the-future/240152659?cid=RSSfeed_IWK_AuthorsThe vast majority of Web applications will eventually run on platform-as-a-service, or PaaS. The shift will be slower than to infrastructure-as-a-service (IaaS) because finding the perfect PaaS fit will take effort, and there's significant loss of control over hardware and software. Many IT departments will resist. But it will happen, so to help you evaluate options and plan a migration strategy, we sent out a questionaire with more than 70 factors to consider to major PaaS providers. You can download a full set of responses at our <a href="http://www.informationweek.com/cloud-computing-comparisons/paas-providers/">InformationWeek PaaS comparison site</a>. The PaaS value proposition is simple: Bring your code, and we'll handle everything else for you -- Internet connectivity, power, hardware, operating system, software, monitoring, backup, restore, failover, scaling and more. IT can focus on writing code to solve business problems and leave the mechanics of infrastructure and operations to the vendor. In theory, you get a best-practices deployment, including security and business continuity, at a lower cost and better quality versus having your own staff do the work. We say, "in theory" because these are still early days, and vendors provide so many different services -- with so many moving parts -- that it will take time to demonstrate stability to CIOs. However, we're convinced that PaaS is the future, and that companies that fail to consider it will be at a disadvantage. The 7 Factors To Consider A PaaS implementation requires two main elements: a platform and a service that runs the platform for you. For a PaaS vendor to be included in our comparison, it must both sell software or software-as-a-service for deploying Web applications and provide an infrastructure on which to run these applications. After all, if a vendor doesn't provide the underlying infrastructure in addition to the platform software, you're not getting the full value of PaaS because you lack "one throat to choke."   <div class="inlineReportPromo right"> <div class="reportHeader"><a href="http://reports.informationweek.com/abstract/5/10235/Cloud-Computing/PaaS-Buyer%27s-Guide.html?cid=pub_analyt__iwk_20130422" target="_blank">PaaS Comparison</a> </div> <img src="http://twimgs.com/informationweek/1363/363F2reportcover.jpg" width="175" height="131" alt="Report Cover" title="Report Cover" class="reportCover" /> <div class="reportInfo"> <a href="http://reports.informationweek.com/abstract/5/10235/Cloud-Computing/PaaS-Buyer%27s-Guide.html?cid=pub_analyt__iwk_20130422" target="_blank"> The full report</a> accompanying our <a href="http://www.informationweek.com/cloud-computing-comparisons/paas-providers/">PaaS comparison</a> is free with registration. This report includes 15 pages of action-oriented analysis, plus a link to our vendor matrix. What you'll find: <ul> <li>Analysis and pros and cons of the three types of PaaS</li> <li>Trade-offs for early adopters, and why caveat emptor applies</li> </ul> <center><a href="http://reports.informationweek.com/abstract/5/10235/Cloud-Computing/PaaS-Buyer%27s-Guide.html?cid=pub_analyt__iwk_20130422" target="_blank">Get This</a> And <a href="http://reports.informationweek.com/">All Our Reports</a></center> </div> </div>   Comparing PaaS vendors is more difficult than comparing IaaS or SaaS vendors because there are so many disparate elements. We discuss evaluation strategies in depth in our <a href="http://reports.informationweek.com/abstract/5/10235/Cloud-Computing/PaaS-Buyer%27s-Guide.html?cid=pub_analyt__iwk_20130422" target="_blank">full report</a>. Here, we'll walk through the seven major elements to evaluate when choosing a PaaS provider. >> Programming languages and frameworks: IT generally has a preferred programming language, and providers that don't support that language are rarely in the running. There is one exception: proprietary PaaS, where the customer is buying based on other factors and is willing to use whatever language is required. The best example is Salesforce.com's Force.com, which uses a proprietary language but offers the upside of a robust ecosystem that can give application developers a big head start compared with conventional application development platforms. >> Databases: Generally, PaaS database server support is similar to programming language support -- buyers come to the table with a preference. However, most modern application development is done in such a way as to ease migration to a different database server. Several PaaS providers also support so-called "next-generation" databases, such as Xeround, that provide an interface identical to a widely used database, like MySQL, but are offered as a service. It's important to verify the database security features offered by PaaS vendors to ensure that they conform to your regulatory and security policy requirements. >> Availability: After narrowing your list based on programming language and database support, the next defining criterion should be how comfortable you are ceding control over application uptime. To that end, we asked a number of questions around availability to understand what happens when servers and software fail. The service-level agreement is important, but SLAs almost never adequately reimburse a company for application downtime. The best IT can hope for from an SLA is that it costs the vendor enough revenue that the vendor shares some of your pain, and that it clearly defines vendor roles and responsibilities about the services it's responsible for. >> Security: Security and regulatory compliance are critical when selecting any infrastructure vendor, and PaaS is no different. Keep in mind that, for the majority of providers, multitenancy is a way of life -- PaaS vendors drive down costs and maintain high availability by spreading applications and data across a large number of shared servers. This makes PaaS most appropriate for applications and information that fall outside of regulatory oversight, although many vendors have ways to address common regulated scenarios such as storing credit cards.  <div style="margin:0; padding: 0 0 10px 10px; width:289px; float:right; text-align:center;"> <img src="http://twimgs.com/informationweek/1363/363F2_paas-models.jpg" width="279" height="443" alt="3 PaaS Models" title="3 PaaS Models" hspace="0" vspace="0" border="0" /> </div>  >> Services: Many PaaS vendors provide extra services through third-party add-ons. Examples include code repository integration (to launch applications from source code repository branches), caching services (to save database query results to speed application performance), logging services (to consolidate logs across all application copies) and payment services (to outsource acceptance, processing and storage of credit card numbers in a PCI-compliant environment). If an add-on is important, ask how the PaaS vendor handles support. No one wants to navigate interactions between the PaaS provider and services vendor. >> Customer care: PaaS vendors build layers between and around various services (such as application-to-database transactions) that necessitate a much closer relationship between developer and vendor than with other hosting options. Verify that availability is as claimed. Do experts respond to questions on forums in a timely fashion? Do the people staffing the phones have both a clue and the power to help? >> Price: While cost is always important, select based on the above criteria and whether the PaaS model is more cost effective than other options such as in-house or IaaS. Include migration in your calculation if you already have an existing deployment. There's rarely much difference in price among comparable PaaS services. Get the best fit for language, database and add-on support, as well as security and availability. Also note that it's difficult to look at a PaaS price menu and translate that into your actual costs. If you have highly optimized application code, you might pay significantly less than someone with inefficient code. Similarly, the way your app runs on one provider may require that you purchase more units of service than on another, with no way to know before deploying the application. Fortunately, most PaaS vendors offer free trials. Take them up on it. Finally, ensure that you can port your application to a different provider in the event of price increases or service outages. 2013-03-26T09:06:00ZHow Netflix Is Ruining Cloud ComputingA laser focus on Amazon Web Services and seeming disregard for next-gen best practices could spell lock-in, and derail real IaaS competition.http://www.informationweek.com/cloud-computing/platform/how-netflix-is-ruining-cloud-computing/240151650?cid=RSSfeed_IWK_AuthorsOn March 13, Netflix announced $100,000 in prize money for the developers who do the most to improve its open source tools for controlling and managing application deployments on cloud computing. Before spearheading this contest, Netflix's cloud architect, Adrian Cockcroft, released many internal Netflix tools as open source. Currently, 8 cloud-architecture-specific tools are <a href="http://netflix.github.com/">available from Netflix</a>, and Cockcroft has been very open in sharing his and Netflix's knowledge in public forms. In theory, all of this should be wonderful. In reality, however, it's likely to leave cloud computing with an enormous hangover of subpar practices and architectures for years to come. Netflix is the poster child for "Cloud Computing v1.0" and demonstrates both the enormous benefits and troubling problems. Cloud Computing v1.0 is a strictly an Amazon Web Services affair -- it was first, and no other provider had the core features necessary to build comparable applications (think multiple availability zones and EBS with snapshots and quick restores). So it makes sense that Netflix embraced AWS; it saw huge benefits in being able to deploy and scale its service using the interfaces and architectures that were possible when AWS launched. But Netflix has also suffered repeatedly at the hands of Cloud Computing v1.0 with <a href="http://www.informationweek.com/cloud-computing/infrastructure/amazon-outage-scrooges-netflix-heroku/240145338">four outages in 2012 alone</a>, which certainly points to the possibility for some improvement in the high availability of its service. Of note, the Christmas Eve outage is perhaps most troubling from a "v1.0" perspective, as it was solely the result of Netflix's reliance on a less-necessary AWS service for load balancing, which could have been handled in any number of other ways to increase server availability. [ Check out our new InformationWeek cloud computing comparison of 13 top PaaS vendors: <a href="http://www.informationweek.com/cloud-computing-comparisons/paas-providers/?itc=edit_in_body_cross">Cloud Computing Comparison: PaaS Providers</a>. ] The reason the Netflix contest is likely to leave organizations worse off is because it thoroughly embraces this "Cloud Computing v1.0" mindset, both from an "AWS-is-the-only-vendor" standpoint as well as from an architectural standpoint. While it's arguable that there still isn't (quite yet) another infrastructure-as-a-service (IaaS) vendor that has a thoroughly tested core feature set, unless you just walked out of the tattoo parlor with "#AWS" on your shoulder, you know it won't be long. And all companies running on AWS should be looking forward to the rise of additional IaaS vendors, like those in our <a href="http://www.networkcomputing.com/cloud-computing-comparisons/iaas-providers/">IaaS buyer's guide</a>, for two reasons: higher availability and price competition. Every cloud architect should know that it's only a matter of time before organizations have applications deployed across the world on many different IaaS providers in many different data centers, based on request volume and location in combination with a market for computing resources that changes price constantly. Locking yourself down to AWS today, for greenfield cloud architectures, would be the equivalent of deciding to develop an iPhone-only application when you know you'll have to support iPads, Android and others in the future. In addition to the annoying AWS-centrism of the Netflix contest, there's a deeper problem: Some of Netflix's tools embrace a cloud architecture that was fine in the days of Cloud Computing v1.0 but that will look increasingly suspect as time goes on. I know that it's hard to throw out code and systems that are working fine, especially when they still look pretty good -- and often, squeaking out a bit more time is the right internal decision for an individual company. But instead of just wringing out the last bits of value, Netflix is throwing significant money at the rest of the world, asking everyone to embrace and extend their tools and code that are not particularly good practices for future cloud architectures. Perhaps the best example of a bad-practice Netflix tool is Aminator. Aminator helps you build Amazon Machine Images (AMIs) easily, based on a "base" AMI and a package of code. "I must have produced about 25,000 Ubuntu AMIs," raved one excited early user. There's just one problem: It's hard to understand when this would ever be a good idea. Several years ago, spawning tons of images would have been a somewhat acceptable way to roll out a revised version of an application (due to application code, operating system, and/or server software). But today we have widespread adoption of configuration management tools like Chef and Puppet that make massive AMI creation a subpar practice at best. Amazon Web Services itself recently rolled out a service called OpsWorks, which would be a significantly better way to handle deploying applications -- it uses Chef. There are other less-bad tools, but many bear the mark of having to architect around a number of issues that have since been more or less resolved; it's a bit like an open source project that relies heavily on SOAP instead of being RESTful. For example, Edda, which figures out what cloud resources you're using at AWS, just seems like something that had to be built because no one properly set up how resources should be requested and deployed. And Asgard, a very cool tool from 2010 for managing a variety of different applications across AWS, would be a hard sell as a best-of-breed tool today compared with other open source options, notably Scalr and Chef. This is not to say that all of Netflix's open source cloud tools fit into this mold. Denominator is a great DNS manager (because it's multi-cloud), and Simian Army is a fabulous, ground-breaking idea for testing cloud architectures (it is, unfortunately, AWS-only). There's a possibility that the Netflix contest will help lead the world toward Cloud Computing v2.0 and beyond by embracing multi-cloud architectures that use orchestration and configuration management in optimal ways. However, I am skeptical on both fronts. Cockcroft's <a href=http://perfcap.blogspot.com/2013/01/looking-back-at-2012-with-pointers-to.html>public comments</a> suggest little interest in <a href=https://twitter.com/adrianco/status/312300681535053825>using other cloud vendors</a>. A good chunk of the prize money is in AWS credits, and Amazon's CTO is a judge; all this points to a very AWS-centric mindset. Moreover, the fact that Netflix just released Aminator last week indicates to me that Netflix is happy to roll out whatever tools they've built, regardless of whether they fit in with a best-practices modern cloud architecture. But please, Netflix, prove me wrong. Embrace a less proprietary, more highly available, more standardized cloud -- and put Google's Urs Hölzle on the panel while you're at it. #UrsForNetflixJudge <a href="http://www.cloudconnectevent.com/santaclara/?_mc=MP_BTMEDIWKAXE">Cloud Connect</a> returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts. Join us in Silicon Valley to see new products, keep up-to-date on industry trends and create and strengthen professional relationships. Use Priority Code MPIWK by March 30 to save an extra $200 off the advance price of Conference Passes. Register for <a href="http://www.cloudconnectevent.com/santaclara/?_mc=MP_BTMEDIWKAXE">Cloud Connect</a> now. 2013-02-05T02:37:00ZInformed CIO: Cloud Standardshttp://reports.informationweek.com/abstract/5/9755/Cloud-Computing/Informed-CIO:-Cloud-Standards.html?cid=RSSfeed_IWK_Authors2013-01-23T08:00:00ZCloud Standards: Bottom Up, Not Top DownIT has good reason to demand standardization in SaaS, IaaS and PaaS offerings. But what's interesting is that vendors themselves are just as interested, and in many cases, are driving standards efforts.http://www.informationweek.com/cloud-computing/infrastructure/cloud-standards-bottom-up-not-top-down/240146392?ct=1022?cid=RSSfeed_IWK_AuthorsThere's a growing demand for standards to bring some sanity to the cloud computing market. Both buyers and sellers have their reasons to want common ways to do things such as transfer data from one cloud-based app or infrastructure to another. But the competition to be in control is fierce. "The Internet had the IETF, which wrangled people and protocols," says Mathew Lodge, VP of cloud services at VMware. "But in the cloud, the standardization landscape is so fragmented. There isn't a central body or forum or place, although lots of people and organizations are trying to be that." Two main factors drive demand for standards. Cloud vendors want to show they can meet companies' security requirements, since that's the biggest roadblock to adoption. IT pros also see value in formalized standards for cloud services, according to the 400 respondents to our InformationWeek Standardization Survey: 89% rate standards for cloud infrastructure vendors such as Amazon, Microsoft Azure or Rackspace as extremely (53%) or somewhat (36%) helpful to their organizations; 85% say the same about software-as-a-service. Why? Would-be cloud customers want to avoid getting locked in to one vendor, so investments in cloud services now don't end up limiting future flexibility. CIOs are right to be wary. When a cloud vendor raises its rates or lets its service quality decline -- or worse, shuts its doors -- IT may be left scrambling. These aren't just theoretical concerns. Amazon Web Services, the dominant provider of infrastructure-as-a-service (IaaS), had three major outages in 2012, and Gmail, the most widely used cloud email provider, had two major outages last year. In late 2011, Google raised prices for its platform-as-a-service (PaaS) offering, App Engine, by more than 100% for many customers. On the flip side, keeping open the option to switch spurs competition and lets companies jump on better deals; Amazon, for example, cut storage-as-a-service prices 20% last year, prompting Google to match. And it's not just private enterprises worried about being tied down. The U.S. Department of Defense recently hired cloud computing strategy firm Fusion PPT to identify cloud standards and best practices to avoid lock-in.  <div style="float:right;padding-left:10px;"> <div style="width:210px; border:1px solid #000000;"> <div style="margin:0; padding:5px; background-color:#CC0000; text-align:center; font-size:1em; color:#ffffff; font-weight:bold;"><a href="http://reports.informationweek.com/abstract/5/9755/Cloud-Computing/informed-cio-cloud-standards.html?cid=pub_analyt__iwk_20130128" target="_blank" style="color:#ffffff;">Informed CIO: Cloud Standards</a></div> <img src="http://twimgs.com/informationweek/1356/356F2reportcover.jpg" width="175" height="109" style="margin:15px;"> <div style="font-size:.9em; margin:0px 1px 0px 10px;">Our full report on <a href="http://reports.informationweek.com/abstract/5/9755/Cloud-Computing/informed-cio-cloud-standards.html?cid=pub_analyt__iwk_20130128" target="_blank">cloud standards</a> is free with registration. What you'll find: <ul class="normalUL"><li>Guide to what makes a good standard, cloud or otherwise</li> <li>A sneak peek at the results of our new Standardization Survey</li> <li>Prognostications from a dozen cloud experts</li></ul> <center><a href="http://reports.informationweek.com/abstract/5/9755/Cloud-Computing/informed-cio-cloud-standards.html?cid=pub_analyt__iwk_20130128" target="_blank">Get This</a> And <a href="http://reports.informationweek.com/">All Our Reports</a></center> </div> </div> </div>  Though demand for cloud service standards is growing, the conventional top-down model no longer holds. Standards today are more likely to spring organically from wide adoption of the approaches of one vendor or a small cadre, and we expect to see more de facto than formal standards in the cloud era. Simply promulgating a standard -- even if done by a widely respected standards-developing nonprofit -- isn't enough to make it stick. The pace of innovation with cloud services is just too rapid. Vendors are updating their offerings on a monthly basis, whereas standards organizations usually take years to finalize new specs. So why do we need cloud standards? For starters, to compare services. Even for something as straightforward as CPUs, cloud providers have created their own measurement units: Amazon Web Services has the Elastic Compute Unit, Google has the Google Compute Engine Unit and Microsoft Azure provides the clock speed of its processors. One relatively bright spot is security, thanks to the Cloud Security Alliance. CSA member organizations, including most large cloud providers, work together to define best practices in security, and the CSA offers a number of useful resources, many of which are becoming de facto standards. For example, the CSA Cloud Controls Matrix (CCM) is a framework for implementing good cloud data center security practices. It provides detailed security concepts and principles in 13 domains and coordinates with security standards such as ISO 27001, COBIT, PCI, HIPAA and FedRAMP. The CSA's Security, Trust and Assurance Registry is another useful resource. It contains responses from cloud service providers to questions raised by the CCM. The registry has responses from major IaaS vendors including Amazon, Hewlett-Packard, Microsoft, SoftLayer and Verizon Terremark, as well as SaaS vendors, such as Box.com and Microsoft Office 365. One caveat: The CSA doesn't independently verify answers. Sadly, the work done by the CSA hasn't been replicated outside the security realm. So here's a look at the state of standards in the three key areas IT needs to evaluate: portability, interoperability, and provisioning and orchestration. Portability Standards for cloud portability ideally will enable IT to port applications and data from one provider to another. There are three potential components of portability: data (for all cloud services), configuration (for most cloud services) and images (for IaaS services). Let's look at these by service type. >> SaaS: Portability with SaaS is fairly straightforward: Either you can export data and configuration from a provider or you can't. Unfortunately, whether export capabilities actually prevent vendor lock-in isn't quite as clear. Can you export the data in a timely and reasonable fashion? Can your alternative vendor import the exported data? While the DataPortability Project promotes standards and policies around data transfers, it's in early stages. Expect to do application-specific investigative legwork. >> IaaS: An IaaS deployment consists of data, virtual machine images and server configuration, including software installed on the image after launch. IaaS vendors, by definition, export data, so the only question is, how difficult will the process be? Exporting 500 GB from a database running on an IaaS virtual machine to another major vendor is fairly simple, but it may take the better part of a day. On the other hand, when exporting 500 GB of records from a cloud database-as-a-service (like DynamoDB), the transform and load process into another vendor's service (assuming such a service exists) is hit or miss, and it also may take much longer. There aren't any significant standards in data portability for IaaS vendors at this point. There is, however, a fairly clear standard for image portability: Open Virtualization Format, released by the Distributed Management Task Force and created by Dell, HP, IBM, Microsoft, VMware and XenSource. Still, "really large image sizes break down the standard," warns Michael Biddick, CEO of Fusion PPT and an InformationWeek contributor. "And if you're moving among different hypervisors, you have to make some changes to the OVF files to make the images work." That said, OVF is about as mature a cloud standard as you'll find and, generally speaking, does deliver on image portability. >> PaaS: While using PaaS can expose you to some lock-in risk because these vendors tend to rely on one IaaS provider, migrating shouldn't be difficult. In an ideal PaaS deployment, you bring your own code and data and rely on the PaaS vendor for the server configuration that you would have had to do yourself with IaaS, so switching PaaS services should be simple. How well that theory matches reality depends on your vendor. Heroku, for example, presents a fairly straightforward export path, whereas Google App Engine's data extraction process is painful in comparison. The good news is that a number of leading technology vendors, including Oracle, Rackspace and Red Hat have, through the standards body Oasis, proposed the Cloud Application Management for Platforms spec, which is designed to make porting applications among PaaS vendors much easier. Interoperability Here we're talking the ability to share cloud services across multiple environments, including a company's own data center, using a private cloud architecture or colocated, noncloud services. Some of the strongest cloud standards have sprung up around identity and access management (IAM) in particular, enabling single sign-on and eliminating the need to control access from multiple management interfaces. IAM dramatically simplifies rolling out new services. There are three main standards in cloud IAM: >> Security Assertion Markup Language, from Oasis, allows cloud applications to leverage the authentication approaches a company is already is using. >> System for Cross-domain Identity Management, created by Google, WebEx and Salesforce.com but now under the IETF's auspices, lets cloud applications use directory information from within the enterprise to provide information on user and group permissions within cloud applications. >> OAuth, originally by Twitter and Google but also now under the IETF, allows cloud users to extend access to resources that they control to other cloud services. For example, you can use OAuth to give LinkedIn access to your Twitter account so that LinkedIn can tweet for you. Provisioning And Orchestration Of our three areas, provisioning and orchestration is experiencing the most change. The dominant "standard" in cloud provisioning and orchestration today is the Amazon Web Services API. You can find the AWS API in Amazon's own offerings, of course, but also those from CloudStack, Eucalyptus and even OpenStack (as a module). However, Amazon hasn't made the AWS API officially open for use as a standard, and of the above products, only Eucalyptus has a license to use it. Raj Dutt, senior VP of technology at IaaS provider Internap, believes that restrictive stance limits its potential. "Because other players in the ecosystem have no input into how the AWS API evolves, Amazon is going to find that their API will be less and less relevant," says Dutt. In fact, for now, the AWS API may be one of the biggest traps lurking in cloud computing. At any point, Amazon could overturn the game board. Another pseudo-standard in the provisioning and orchestration space is OpenStack, created by Rackspace and NASA and now from the OpenStack Foundation. OpenStack gives organizations, including cloud service providers, the ability to build public and private clouds on commodity hardware. OpenStack is generally viewed as a worthy competitor to VMware, CloudStack and Eucalyptus in the cloud-building space, although the OpenStack Foundation aspires to greater heights. OpenStack's website describes it as the result of "a global software community of developers collaborating on a standard and massively scalable open source cloud operating system." Whether OpenStack is or will be a true standard is a controversial topic among cloud professionals. Dutt says the future is bright for OpenStack now that the foundation has made key governance changes, while Biddick is skeptical. "The process to contribute to OpenStack is pretty informal," he says. "As opposed to the rigor of the IEEE, it's more of an ad hoc jumble of pieces and parts, not driven by a unifying vision." The safest way to view OpenStack is as an open source project driven by self-interested companies, not as a standard, and proceed accordingly. Finally, keep an eye on some standards that, while not widely used today, show promise. The Open Cloud Computing Interface offers an open API for managing cloud services, and the somewhat-similar Cloud Data Management Interface, from the Storage Networking Industry Association, offers an open API for managing cloud data. OASIS' Topology and Orchestration Specification for Cloud Applications, is aimed at the larger issue of interoperability and portability by standardizing the life cycle of cloud services. Tosca 1.0 has not yet been released, so it remains to be seen which vendors will adopt it. <center><img src="http://twimgs.com/informationweek/1356/356F2_chart2.jpg" width="500" height="257" alt="cart: how has cloud software and infrastructure affected your approach to standardization?" hspace="0" vspace="0" border="0" style="margin-bottom:7px;" /> </center> 2012-11-15T16:58:00ZResearch: IaaS Buyer's Guidehttp://reports.informationweek.com/abstract/5/9051/Cloud-Computing/research-iaas-buyers-guide.html?cid=RSSfeed_IWK_Authors2012-10-31T08:00:00ZInfrastructure-As-A-Service OptionsOur latest Buyer's Guide looks at 8 top IaaS offerings in a range of categories.http://www.informationweek.com/news/240009686?cid=RSSfeed_IWK_AuthorsInfrastructure-as-a-service lets companies focus on their core competencies without having to worry about buying, deploying, and maintaining data center hardware or facilities. IaaS is why Instagram sold at a $1 billion valuation with only 13 employees and why Pinterest served nearly 12 million monthly unique visitors with only 16 employees. For our new Buyer's Guide, we defined an IaaS provider as offering self-service provisioning of an extremely large number of virtual machines and storage using an API or a Web control panel, without customers having to interact with an engineer or salesperson. For many companies, IaaS offers significant benefits, but with an ever-growing number of providers, it's difficult to know which will be the best choice. To help in the hunt for the perfect IaaS provider, we queried a dozen vendors about their offerings. Eight responded: GoGrid, Google, IBM, Internap, Joyent, NaviSite, SoftLayer, and Terremark. Amazon Web Services didn't respond, but given that it's a major IaaS player, we found answers to our questions on its website. We compared providers in several categories; get the full results at informationweek.com/ reports/iaasguide. CPU And Memory Most vendors offer a variety of VMs based on the number of CPU cores, amount of RAM, and amount of local storage that comes with each VM. There are lots of options, from half a core (GoGrid) to 24 cores (also GoGrid), and 256 MB of RAM (Terremark) to 68.4 GB of RAM (Amazon). However, because virtualization does not lend itself to exact CPU definitions, some IaaS vendors have created their own nomenclature for how much processing power comes with each core on a particular VM. Amazon defines an "Elastic Compute Unit," or ECU, as "the equivalent CPU capacity of a 1.0-1.2 GHz 2007 Opteron or 2007 Xeon processor." Google uses a "Google Compute Engine Unit," or GQ, describing 2.75 GQs as "the minimum power of one logical core (a hardware hyper-thread) on our Sandy Bridge platform."  <div style="float:right;padding-left:10px;"> <div style="width:210px; border:1px solid #000000;"> <div style="margin:0; padding:5px; background-color:#CC0000; text-align:center; font-size:1em; color:#ffffff; font-weight:bold;"><a href="http://reports.informationweek.com/abstract/5/9051/Cloud-Computing/research-iaas-buyer-s-guide.html?cid=pub_analyt__iwk_20121105" target="_blank" style="color:#ffffff;">Research: IaaS Buyer's Guide</a></div> <img src="http://twimgs.com/informationweek/1349/349f3reportcover.jpg" width="175" height="112" style="margin:15px;"> <center>Computing Resources on Demand</center> <div style="font-size:.9em; margin:0px 1px 0px 10px;">Get the <a href="http://reports.informationweek.com/abstract/5/9051/Cloud-Computing/research-iaas-buyer-s-guide.html?cid=pub_analyt__iwk_20121105" target="_blank">Infrastructure-As-A Service Buyer's Guide</a> free with registration. This report includes : <ul class="normalUL"><li>Information on redundancy and data center IaaS offerings</li> <li>A companion spreadsheet of vendor responses to our survey</li> </ul> <center><a href="http://reports.informationweek.com/abstract/5/9051/Cloud-Computing/research-iaas-buyer-s-guide.html?cid=pub_analyt__iwk_20121105" target="_blank">Get This</a> And <a href="http://reports.informationweek.com/">All Our Reports</a></center> </div> </div> </div>  Regardless of how a vendor defines its processing power, you should run benchmarks to see how its offering compares with your hardware. Storage Vendors typically offer up to three types of storage: local storage as part of the VM, also called "ephemeral" or "instance" storage, as it disappears when the VM is terminated; block storage that exists and is billed separately from the VM; and a storage service that has virtually unlimited available space and is billed by the space used. There are two benefits to true block storage that's divorced from the VM. One is that block storage makes VM offerings more flexible: Some IaaS vendors only offer CPU, RAM, and storage in lockstep multiples, such as 1 CPU, 1 GB RAM, and 100 GB storage. If your application doesn't have significant RAM or CPU requirements but requires hundreds of gigabytes or terabytes of disk space, having a block storage option will let you avoid overpaying for a beefier machine. The second benefit is that block offerings often can take snapshots and restore backups to new volumes very quickly. This is important if you need to restore service fast after an outage and have more than 50 GB of data that must be transferred to a new VM. <center><img src="http://twimgs.com/informationweek/1349/349F3_chart2.jpg" width="585" height="330" alt="chart: What types of cloud providers do you use?" hspace="0" vspace="0" border="0" style="margin-bottom:7px;" /> </center> Operating System And Databases The most common operating systems IaaS vendors support are Ubuntu, CentOS, and Red Hat Enterprise Linux, as well as Windows Server 2003 and 2008. In general, supporting tools and libraries for automation and orchestration tend to be implemented for Linux before Windows, but it's far more common to see extensive Windows deployments on IaaS now than a few years ago. Some IaaS vendors offer specialized VMs that come with both operating system and database server installed and include simple API-driven methods for backing up and restoring data to and from the database server. These can be very useful for quickly implementing an application in the cloud without having to spend a lot of time on software installation, configuration, and orchestration. The downside to these services is that you pay for convenience--they're more expensive than running the exact same software on the exact same hardware on the IaaS provider's systems. They also limit your ability to fine-tune some or all configuration options. You may find a cloud management or configuration management software or service that has database templates built for your IaaS vendor to be a better and less costly option. For example, RightScale offers a Database Manager ServerTemplate that provides a similar feature set to Amazon RDS but lets customers run database deployments across multiple clouds and doesn't have Amazon RDS's hourly price premium. Cloud management platform enStratus is working on a library of Chef and Puppet scripts that will enable similar functionality. Cost The utility pricing that most IaaS vendors offer can seem very low, but like a cellphone bill, lots of little charges can add up. PlanForCloud .com is a useful resource for cost planning, letting you design a complete cloud architecture and compare costs among IaaS providers. The most important part of estimating costs is making sure you're comparing apples to apples. Most providers have a one-core, 1- to 2-GB RAM virtual machine available for between 8 cents and 10 cents per hour with on-demand pricing. If you can take advantage of a provider's discount plan (commit to purchase a certain amount of computing resources or pay a lump sum up front to obtain lower hourly pricing for one or more years), you'll see significant savings--up to and beyond 40% with Amazon and Terremark. <center><img src="http://twimgs.com/informationweek/1349/349F3_chart3.jpg" width="585" height="632" alt="chart: Minimum and maximum amound of memory offered by per virtual machine?" hspace="0" vspace="0" border="0" style="margin-bottom:7px;" /> </center> Security And Compliance Let's face it, the default security stances of most IaaS vendors are significantly more stringent than standard on-premises security practices. IaaS vendors are also quite used to questions about compliance with common regulations, such as PCI DSS, HIPAA, and Gramm-Leach-Bliley, and some have guides on how to best achieve compliance within their infrastructures. Finally, the Cloud Security Alliance's Security, Trust, and Assurance Registry has responses from many IaaS vendors to a rich set of uniform questions about security practices. Support And SLA Every IaaS vendor we surveyed offers 24/7 online support, and most have telephone support as well, sometimes at an additional charge. However, not all telephone support is equal; SoftLayer is the only vendor that says it puts you in touch with a person who works directly on the hardware underlying your VM. Make sure to calculate the cost of premium support for vendors that price support as a percentage of usage, as that can quickly add up. Every IaaS vendor with a service-level agreement provides credits for future service in the case of an outage, although offerings can be difficult to compare. Amazon and SoftLayer offer 10% of your monthly bill as credit in case of an outage, while Joyent offers 5% of your monthly bill as credit for every 30 minutes of outage, and GoGrid offers 10,000% credit on whatever amount you paid during the outage. Most customers find that IaaS SLAs are noncompensatory; that is, no SLA adequately compensates a company for downtime. SLAs serve more as an incentive to providers to make sure the service is up for the vast majority of its customers. If you have a mission-critical application on IaaS, you must have a multiregion or multicloud deployment, as SLAs don't provide adequate protection. Additional Services One of the most exciting aspects of infrastructure-as-a-service vendors is that they're constantly innovating and creating new services that make developing and deploying powerful applications even easier. Amazon has had such a head start that its additional offerings dwarf the competition, but a number of vendors are starting to add services, too. Some of the offerings unique to Amazon are Route 53 (DNS service), ElastiCache (caching service), CloudSearch (full-text search service), Simple Notification Service, and Mechanical Turk (human worker service). A number of vendors offer or will soon offer NoSQL database services, aimed at customers who need to store a large number of key-indexed records, such as user preferences for a consumer website: Amazon (SimpleDB and DynamoDB), Google (BigQuery), and IBM (coming soon); as well as queue services (Amazon, Joyent and SoftLayer); and email services (Amazon and SoftLayer). Some vendors also offer consulting services, whereas others let partners do the consulting. <center><img src="http://twimgs.com/informationweek/1349/349F3_chart1.jpg" width="585" height="629" alt="chart: Minimum and maximum number of CPU cores offered per virtual machine, by Iaas provider?" hspace="0" vspace="0" border="0" style="margin-bottom:7px;" /> </center>2012-10-18T00:38:00Z9 Vital Questions On Moving Apps To the Cloudhttp://reports.informationweek.com/abstract/5/8962/Cloud-Computing/9-vital-questions-on-moving-apps-to-the-cloud.html?cid=RSSfeed_IWK_Authors2012-09-10T08:00:00ZAnswers To 9 Questions About Public Cloud MigrationBe sure you have good answers for the business case, security, availability, and more.http://www.informationweek.com/news/240006951?cid=RSSfeed_IWK_Authors  <div id="inlineGreenPromoTop"> <div class="greenBand"></div> <div class="inlineGreenPromoContent"> <a href="http://www.informationweek.com/gogreen/091012s/?k=axxe&cid=article_axxe_os"><img src="http://twimgs.com/informationweek/supplement/040/smallcov.jpg" alt="InformationWeek Green - Sept. 10, 2012" title="InformationWeek Green - Sept. 10, 2012" align="left" class="greenIssueImage" /></a> <a href="http://www.informationweek.com/gogreen/091012s/?k=axxe&cid=article_axxe_os"><img src="http://twimgs.com/infoweek/graphics_library/misc/Green_leaf_88x88.jpg" alt="InformationWeek Green" title="InformationWeek Green" align="right" class="greenLeaf" /></a> <div class="greenPromoText"> <a href="http://www.informationweek.com/gogreen/091012s/?k=axxe&cid=article_axxe_os">Download the entire InformationWeek September special issue</a> on the cloud, distributed in an all-digital format as part of our Green Initiative (Registration required.) </div> </div> <div class="greenBand"></div> </div>    <img src="http://twimgs.com/informationweek/supplement/040/040SUP_Cover_cloud_110.jpg" width="110" height="110" alt="Threats Vs. Readiness" title="Threats Vs. Readiness" width="110" height="110" class="artInlineTopImage" /> Don't just focus on technological challenges when considering moving internally delivered IT services to the public cloud. Instead, start with the business case--if it doesn't add up, no amount of technological wizardry will make cloud the right choice. If building that analysis is tough, think back to how you talked to business leaders about moving to virtualized hardware, which was a fairly significant technological and operational leap. From there, the move to infrastructure-as-a-service is, in some ways, a much smaller change. You can run virtual machines on a provider's infrastructure the same as you would internally, but you've now outsourced hardware- and facility-related headaches. But moving to the public cloud also comes with risk. For one, your service provider may not offer the same networking and storage features that you had in your own data center. We've seen companies lose a significant amount of operational control around continuity and disaster recovery, and when cloud outages occur, internal IT can do very little about it even as employees or customers scream. Then there's the financial picture. Data center costs are well understood, and CIOs can be reasonably confident when estimating budgets for new projects. But companies that haven't used cloud providers in the past may be dazzled by visions of low-cost, pennies-per-hour charges for virtual machines and then suffer sticker shock as usage ramps up or new services get layered on. Security and compliance concerns also persist, as we saw in our <a href="http://reports.informationweek.com/abstract/5/8978/Cloud-Computing/research-cloud-security-verify-don-t-trust.html?cid=pub_analyt__iwk_20120910" target="_blank">InformationWeek 2012 Cloud Security and Risk Survey</a>. Will our data be safe in the cloud? Who can get access to it? Where, in both a physical and logical sense, does my data actually reside? It's no wonder that some CIOs approach migration to the public cloud with trepidation. On the other hand, Amazon CTO Werner Vogels isn't completely off base to classify CIOs who flatly refuse to venture into the public cloud as "dinosaurs." While self-serving, Vogels' criticism isn't unwarranted because the public cloud has significant benefits compared with in-house virtualization for many use cases, perhaps most compellingly around dynamic workloads and disaster recovery. Thus, though they do need to proceed with caution, CIOs must at least consider the public cloud as an application platform. Start by asking these nine questions. What's our business reason for moving to the public cloud? The purpose of IT is to serve and support the business, so any significant technology migration plan should start with a clear definition of why the company as a whole will be better off as a result of moving a given service or application to the public cloud. Some of the most common justifications are increased scalability or high availability, improved disaster recovery or business agility, and infrastructure and staff cost savings. For example, a consumer-facing retail site that experiences predictable bursts of activity--say, back-to-school or holiday shopping--might benefit from a provider's ability to scale resources on demand, rather than building the internal capacity to handle peak loads that occur a few times per year. Don't move an application to the cloud just because you want to experiment or because someone has decided that you should have something "on the cloud." We've seen more than a few IT decisions heavily influenced by factors that are not supported by business justifications.  <center>To read the rest of the article, <a href="http://www.informationweek.com/gogreen/091012s/?k=axxe&cid=article_axxe_os">Download the InformationWeek September special issue on the cloud </a> </center>  <center> <div id="inlineReportPromo"> <div class="inlineReportPromo_headline"><a href="http://reports.informationweek.com/abstract/5/8962/Cloud-Computing/9-vital-questions-on-moving-apps-to-the-cloud.html?cid=pub_analyt__iwk_20120910" target="_blank" style="color:#ffffff;">9 Vital Questions On Moving Apps To the Cloud</a></div> <div class="inlineReportPromo_inner"> <img src="http://twimgs.com/informationweek/supplement/040/040SUPCSreportcover.jpg" width="177" height="109" style="float:right;"> Our full report on <a href="http://reports.informationweek.com/abstract/5/8962/Cloud-Computing/9-vital-questions-on-moving-apps-to-the-cloud.html?cid=pub_analyt__iwk_20120910" target="_blank">moving apps to the cloud</a> is available free with registration. This report includes 14 pages of action-oriented analysis. What you'll find: <ul class="normalUL"><li>Guidance on business driver, security, and other decisions</li> <li>How to choose the first app to move to the cloud</li></ul> <center><a href="http://reports.informationweek.com/abstract/5/8962/Cloud-Computing/9-vital-questions-on-moving-apps-to-the-cloud.html?cid=pub_analyt__iwk_20120910" target="_blank">Get This</a> And <a href="http://reports.informationweek.com/">All Our Reports</a></center> </div> </div> </center>  2012-07-24T14:45:00ZGoogle IaaS Vs. Amazon EC2: New BenchmarksZencoder's new benchmarks find that Google Compute Engine offers a powerful and competitive infrastructure-as-a-service option to Amazon.http://www.informationweek.com/news/240004282?cid=RSSfeed_IWK_AuthorsZencoder, a cloud-based video transcoding service, on Monday published benchmarks comparing Google's new infrastructure-as-a-service (IaaS) offering, Google Compute Engine (GCE), to Amazon's Elastic Compute Cloud (EC2), the current IaaS market leader. <a href="http://blog.zencoder.com/2012/07/23/first-look-at-google-compute-engine-for-video-transcoding/">The benchmarks</a> compare GCE, which runs entirely on the Sandy Bridge architecture, and Amazon's Cluster Compute instances, which run on Nehalem and Sandy Bridge architectures. The results show that Google has a powerful and competitive offering in the IaaS space, especially in terms of hourly price--but Amazon's instances outperform Google's, both in terms of raw performance and price-per performance. Zencoder's benchmarks compared the following instance types: -- Google Compute Engine's n1-standard-8-d server, running on an 8-core, 22-GCEU Sandy Bridge processor, at $1.16 per hour. -- Amazon's EC2 cc1.4xlarge, running on an 8-core, 33.5 ECU Nehalem processor, at $1.30 per hour. -- Amazon's EC2 cc2.8xlarge, running on a 16-core, 88 ECU Sandy Bridge processor, at $2.20 per hour. Zencoder tested a range of different video transcoding scenarios, from one simultaneous encoding process at 640 x 360, to six simultaneous encoding processes at 1280x720. In <a href="http://blog.zencoder.com/wp-content/uploads/2012/07/GCE-vs-EC2.png">all scenarios</a>, Amazon's price-per performance beat Google's. For example, the EC2 cc1.4xlarge costs $2.92 per thousand, versus GCE's n1-standard-8-d's $3.66 per thousand when running six simultaneous encoding processes at 1280x720. [ Learn more about GCE's partner ecosystem. See <a href="http://www.informationweek.com/news/hardware/virtual/240003042?itc=edit_in_body_cross">Google Compute Engine Leverages Third Party Support</a>. ] As I discussed in my <a href="http://www.informationweek.com/news/cloud-computing/infrastructure/240002899">hands-on review</a> of Google Compute Engine, computing performance is only one piece of the overall picture in comparing IaaS vendors. Zencoder found, like I have, that GCE beats Amazon in some performance metrics, like boot time, and appears to have more consistent performance than EC2 has had historically. And Zencoder has compared two more costly Amazon machines to the current most-expensive Google entrant, which means that if your performance needs are met by Google's offering here, you would save money by using it over the Amazon Cluster Compute instances. Amazon has been in the IaaS game for years, and has a much larger number of instance/machine type offerings, so it's not surprising that they can outperform Google's initial offerings. Ultimately, Google will need to add more higher-powered machine types to its IaaS product line, but these results show that Google looks like the first real competitor to Amazon in this space.2012-06-28T14:45:00ZGoogle Compute Engine: Hands-On ReviewGoogle Compute Engine is a stable, reliable, and fast provider of on-demand computing resources. But it offers fewer features than rival Amazon Web Services.http://www.informationweek.com/news/240002899?cid=RSSfeed_IWK_AuthorsGoogle on Thursday announced the Google Compute Engine (GCE), an Infrastructure-as-a-Service (IaaS) offering that allows users to launch virtual servers in Google's own data centers. The IaaS market is one that has been dominated by Amazon Web Services (AWS), but Microsoft's recent announcement that it would launch an IaaS offering with Azure earlier this month, combined with Google's announcement Thursday, indicate that Amazon's hold will loosen. Google brings a great deal of credibility to its IaaS offering, as users will be able to run their applications on the same infrastructure that Google uses for its Internet-scale, battle-tested Web services, like Gmail, Maps, and Search. In my current role as VP, research and development for BuildFax, I have had the opportunity to work with GCE for more than a month, and to compare it to the other IaaS vendor offerings that I have used during the past four years. Overall, GCE is as stable, reliable, and fast a provider of on-demand computing resources as any, and provides more consistent real-world performance than any other public cloud I have tested. Whether users switch from AWS to GCE will be largely dependent upon whether they can forgo the additional services that AWS provides, and if GCE offers significant price or performance benefits over AWS. Services GCE offers a variety of machine types and, at present, several Ubuntu and CentOS images for those machine types. I anticipate that Google will add to both the machine type and image offerings, although it may take them a while to get to the kind of variety that AWS has today. Like other self-signup IaaS providers, GCE uses an API to launch and terminate servers. Unlike some other IaaS providers, GCE has a number of "advanced" cloud computing features: user-level access to individual servers; persistent, attachable storage; specifying the data center/zone in which to launch the virtual machine; and robust external firewall rules. The Good Stuff Even though GCE has been in private beta, it has been rock-solid for me as far as launching servers quickly on demand and delivering consistent server performance. I have had much worse experiences with a few public clouds that aren't in beta. Servers launch amazingly fast; even though my average server launch time on AWS has dropped from eight minutes four years ago to less than two minutes today, GCE smokes AWS here. I haven't had a server take more than one minute to launch with GCE. GCE provides a very nice command-line utility for interacting with its API. Both the utility and the GCE API highlight annoyances that exist with Amazon's variety of different command-line programs. GCE's "ssh" command is fabulous: after launching a virtual machine, you can call the GCE API and have it create a user, private key, and related authorized_keys entry for that VM with a single, easy command-line call. In contrast, AWS requires specifying one private key for root at launch, and then requires that you keep that key safe and remember where it is to log into the VM. [ Organizations have many cloud options. Read <a href="http://www.informationweek.com/news/cloud-computing/infrastructure/240002117?itc=edit_in_body_cross">NASA Drops OpenStack For Amazon Cloud</a>. ] In real-world benchmarks, using full copies of my company's production database and replicas of our application servers, we found that VMs on GCE--in this private beta period--had more consistent performance than comparable servers on AWS. Of note, the GCE hardware is used for many of Google's internal applications, so it wasn't just GCE testers hitting the servers; the underlying hardware was under significant load. Finally, GCE plugs into RightScale, a cloud management platform that we use at BuildFax. This means that launching our applications servers was as simple as pointing a ServerTemplate at the GCE cloud, and I didn't have to spend any time installing or configuring software, something that would ordinarily be very time-consuming. With the arrival of more and more competitors to Amazon EC2, running a cloud management platform that allows deploying and managing similar virtual machines across multiple clouds is becoming more and more important to avoiding lock-in and increasing stability and efficiency. Editor's Note: Writer Joe Emison adds the following: "A prior version of this review ran with benchmark numbers and comments based upon pre-launch hardware that is inferior to the hardware that GCE has launched with. When the benchmarks are re-run on the new hardware, I will post them. I regret the error." Zencoder has published its own Google Compute Engine vs. Amazon EC2 benchmark study. Read a follow-up report with the new benchmark results at <a href="http://www.informationweek.com/news/cloud-computing/infrastructure/240004282"> Google IaaS Vs. Amazon EC2: New Benchmarks</a>.The Not-As-Good Stuff Unlike other IaaS providers, GCE will take its "zones" offline for scheduled maintenance, and that means customers should design their infrastructures for machine failure. On the one hand, this policy should force better cloud infrastructure design than seems to be the norm on AWS. On the other hand, other cloud providers do their best to avoid all scheduled maintenance, and Amazon usually gives customers at least a week-long window in which to manually reboot servers so that "scheduled maintenance" can be scheduled by the customer and not the IaaS vendor. Also, GCE's maintenance windows lead to the complete destruction of your VMs; AWS's simply require an instance reboot, which preserves your ephemeral storage. Today, GCE's machine types are more limited than AWS; all of them are built from even multiples of "2.75 GCEU/3.75GB RAM" chunks. This is similar to SoftLayer, which has "1 CPU/1GB RAM" chunks, and Rackspace Cloud, which has both "1 CPU/1GB RAM" and "1 CPU/2GB RAM" chunks. Additionally, the amount of ephemeral disk space also goes up as the CPU/RAM goes up. The good news is that, unlike with the Rackspace Cloud, you can attach persistent storage to servers on GCE, so if you require a server with a lot of disk space but little CPU and RAM, you won't have to overpay. The bad news is that if you need a server with a lot of RAM but little CPU, or vice versa, you will overpay on GCE today. Speaking of persistent storage, GCE's implementation leaves a number of things to be desired to those accustomed to Elastic Block Storage (EBS) on AWS. First, GCE persistent storage must be attached at instance launch. You cannot create persistent storage and then attach it to a running instance. Second, GCE does not offer snapshots of persistent storage, and so GCE does not have the disaster recovery or data-cloning benefits of EBS. So, while GCE is offering something significantly better than Rackspace Cloud with its persistent storage, GCE is behind both AWS and SoftLayer with its limited persistent storage feature set. Impact on the IaaS Market For almost six years, AWS has been the only large company with a robust, stable, and affordable cloud-computing-on-demand product. Competitors have either had lackluster features, performance, and/or stability (e.g., Rackspace Cloud), or they've been enterprise-only with extremely large price tags (e.g., IBM), or they've been offered by less-well-known companies (e.g., SoftLayer). Google is the first company to take AWS on its own turf; a revolutionary Internet company leasing its own Internet-scale resources to the general public at utility prices. Amazon's virtual monopoly on powering the vast majority of Internet startups is likely now over, especially as many of those startups rely upon Google for other pieces of their infrastructure, with Gmail and Google Apps. And those companies that rely upon Microsoft for their infrastructure now have its IaaS offering coming soon, which will likely eat into Amazon's share of the market as well. Additionally, potential customers who have avoided IaaS offerings to date because they perceived IaaS as "experimental" may be forced to look again, with the new products from (and implicit endorsement of IaaS by) two technology giants. I do not see the movement from on-premises, non-virtualized servers to public IaaS abating any time soon. Final Thoughts Google spent the last decade creating many of the core ideas behind robust data centers and data processing. From white-box servers to MapReduce, the programming model used for a vast number of large data-processing jobs today, Google has built an array of fabulous tools but has only been using them for itself. The rest of the world has been relying upon developers who have read Google's research papers and then built their own versions of Google's technology (e.g., Doug Cutting, creator of Hadoop, an open-source MapReduce implementation). Amazon has been capitalizing on its amazing ability to operationalize every different, useful piece of technology that has come along (e.g., Amazon's Elastic MapReduce, which uses Hadoop to deliver MapReduce technology to the masses), and has been able to sell its services in a market devoid of large, innovative competitors. With the announcement of Google Compute Engine, Amazon finally has a competitor that has the potential to match its own ability to release groundbreaking infrastructure services on a regular basis--and historically, Google has created more technological innovations than Amazon (which seems to innovate the most by having the best inventory of products and selling them like hotcakes). And even though it is early yet, and Google has a long way to go to match the 25+ services that Amazon offers today, Google has leap-frogged other entrants in the IaaS space to become the most viable competitor to Amazon. Editor's Note: Writer Joe Emison adds the following: "A prior version of this review ran with benchmark numbers and comments based upon pre-launch hardware that is inferior to the hardware that GCE has launched with. When the benchmarks are re-run on the new hardware, I will post them. I regret the error." Zencoder has published its own Google Compute Engine vs. Amazon EC2 benchmark study. Read a follow-up report with the new benchmark results at <a href="http://www.informationweek.com/news/cloud-computing/infrastructure/240004282"> Google IaaS Vs. Amazon EC2: New Benchmarks</a>.2012-06-18T16:03:00ZFundamentals: Amazon S3: Web Hosting on the Cheaphttp://reports.informationweek.com/abstract/5/8748/Cloud-Computing/fundamentals-amazon-s3-web-hosting-on-the-cheap.html?cid=RSSfeed_IWK_Authors2012-04-30T08:00:00ZIaaS A Bad Deal? Not So FastThe calculation as to whether infrastructure services make sense involves more than just sunk data center costs.http://www.informationweek.com/news/232901031?cid=RSSfeed_IWK_Authors  <div id="inlineGreenPromoTop"> <div class="greenBand"></div> <div class="inlineGreenPromoContent"> <a href="http://www.informationweek.com/gogreen/043012smb?k=axxe&cid=article_axxe_os"><img src="http://twimgs.com/informationweek/smb/009/smallcov.jpg" alt="InformationWeek Green - Mar. 7, 2011" title="InformationWeek Green - Mar. 7, 2011" align="left" class="greenIssueImage" /></a> <a href="http://www.informationweek.com/gogreen/043012smb?k=axxe&cid=article_axxe_os"><img src="http://twimgs.com/infoweek/graphics_library/misc/Green_leaf_88x88.jpg" alt="InformationWeek Green" title="InformationWeek Green" align="right" class="greenLeaf" /></a> <div class="greenPromoText"> <a href="http://www.informationweek.com/gogreen/043012smb?k=axxe&cid=article_axxe_os">Download the entire May 2012 issue of InformationWeek SMB</a>, distributed in an all-digital format as part of our <a href="http://www.informationweek.com/green/">Green Initiative</a> (Registration required.) </div> </div> <div class="greenBand"></div> </div>   A recent <a href="http://www.informationweek.com/news/cloud-computing/infrastructure/232601889">column by Art Wittmann arguing that infrastructure-as-a-service is a bad deal</a> attracted significant controversy, largely among promoters of the public cloud. Wittmann presents detailed numbers showing that, from a capital expenditure perspective, buying your own storage hardware is significantly less expensive long term than paying an IaaS vendor to rent its hardware. My response: If you're not saving money with IaaS, you're doing it wrong. The benefits don't come from getting less-expensive storage than you can buy for your own data center. Rather, they come from Amazon EC2's online server capacity, so to criticize IaaS and ignore EC2, as Wittmann does, is to miss the point. Now, the math is different for an established Fortune 1,000 with a half-dozen data centers than it is for a startup that came of age in the cloud era. New companies without data center footprints are reaping the greatest benefits. But no matter who you are, the major cost benefit of the cloud has nothing to do with renting hardware and everything to do with eliminating labor costs around server administration and maintenance. That Fortune 1,000 likely already has significant server automation and maintains server-to-admin ratios in the hundreds. For smaller shops, server-to-admin ratios are more likely to be in the low double digits. The hardware provisioning economies of scale enterprises enjoy haven't been available for companies that have just hundreds of servers--until now, through IaaS vendors. A company I co-founded, BuildFax, launched on the public cloud without any of the costs of a conventional data center but with all of the benefits: redundant Internet connections and power sources; top-of-the-line physical security; and dedicated, 24-hour staff. Had we decided to build a data center, the manpower cost alone for a network and a systems administrator, at a combined salary and benefits of more than $150,000 per year, is a sum that, for us, completely dwarfs the hardware costs on which Wittmann bases his argument that IaaS is a bad deal. The table, on the previous page, demonstrates two possible paths that a company like BuildFax could take at launch. I think the numbers speak for themselves. So how is BuildFax able to get by without a system or network admin? Simple: A properly configured cloud architecture on IaaS means that the standard tasks involved in setting up a new server instance are handled by our IaaS vendor. From then on, our developers can do all necessary system and network administration through a control panel, like the Amazon Web Services control panel; a cloud management platform, such as RightScale or enStratus; or an API, like the AWS API. It's really that simple, and at BuildFax, we've been operating this way for more than 2-1/2 years with between 50 and 1,000 virtual machines running at a time. Now, it's true that savings on personnel cost are only realized if your organization is willing to automate workers out of their jobs. But at least those hours could be shifted to work that benefits the business more directly. And yes, theoretically, these automation benefits are available for private clouds using software like Citrix/Apache CloudStack or Eucalyptus and a hypervisor like Xen or VMware. But the reality is that private cloud software is still very much a work in progress. The current (unusable) state of the "marquee" product in the space, OpenStack, shows that we're years away from simple, turnkey private cloud automation. This is why the public cloud is so compelling today--it's the only way most of us are going to get a fast, cheap, and easy way to automate server provisioning. So how do you know if IaaS is a good deal for your company? Successful IaaS adopters tend to fall into one of three buckets. One, they have variable loads that represent significantly different server needs over time; this is one place Wittmann and I agree, <a href="http://www.informationweek.com/news/global-cio/interviews/232602429">based on his follow-up</a>. Two, they're startups with no existing data center infrastructure or staff or are established companies taking on a large project that would require significant additional data center infrastructure or staff. Or three, they have a low server-to-admin ratio and are looking to cut costs. You can use public IaaS now, using a cloud management platform to avoid lock-in, and then switch to a private cloud if you so desire once that technology is more stable. The cost benefits of IaaS over 1990s-era server management are obvious. So is the fact that the public cloud is not for everyone. There are many good reasons to stay tucked within a data center footprint; security and compliance top most lists. But until server automation becomes as easy to do in a data center as it is in the public cloud, IaaS will have significant cost advantages for most companies. <center><img src="http://twimgs.com/informationweek/smb/009/internalIT_table.jpg" width="590" height="299" alt="chart: Internal IT Vs. IaaS 2 and 10 year comparison" hspace="0" vspace="0" border="0" style="margin-bottom:7px;" /> </center>