Cloud // Infrastructure as a Service
Commentary
12/17/2012
02:08 PM
Charles Babcock
Charles Babcock
Commentary
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Cloud Computing: Best And Worst News Of 2012

What were the key developments for enterprise cloud computing this year? Let's look at four big wins -- and three setbacks.

The researchers used a technique called a side channel attack to spy on use of the server's shared instruction cache over three to four hours. Doing so let them decipher enough of a 457-bit private key encryption to reduce the guesses needed to crack the encryption down to 10,000. That number is relatively small in the world of private key spying, because the task of trying all 10,000 remaining possibilities can be automated via systematic testing. The researchers used virtual machines generated under the Xen hypervisor, which is the same as the hypervisor generally used in the Amazon Web Services EC2 cloud and Rackspace Cloud.

The researchers, including Yinqian Zhang, at the University of North Carolina at Chapel Hill, and Ari Juels at the RSA Laboratories unit of EMC, said it was unlikely anyone had used their technique to infiltrate workloads on cloud servers.

Nevertheless, Juels told Dark Reading, "The upshot is that isolation in public clouds is imperfect and can potentially be breached. So highly sensitive workloads should not be placed in a public cloud. Our attack is the first solid confirmation of a long hypothesized attack vector." It remains true that it's extremely difficult to create a locked down computer system that's still engaged with the outside world. The bad guys are sure to find new ways to test the limits as they confront this architecture of virtualized servers in a cloud. Given the widespread use of virtualization in the cloud, this research provides an unsettling demonstration.

Setback #3: Cloud Pricing Is Still A Mess.

Today, it's hard to tell much from most cloud computing bills. You might see that it's higher. You can even see from a billing code how much of the increase came from a certain business unit, such as the marketing department. But you can't correlate the marketing department's workloads to the charges in the bill, to know what activities are driving usage.

What you'd really like to do is compare your cloud bill at Rackspace to what your charges would be on Google Compute Engine, Softlayer Technologies, Bluelock or Microsoft Azure. But the comparison requires hours of work at a spreadsheet, isolating information and then trying to translate it into corresponding terms.

One of the trickiest parts is figuring out how each vendor defines its standard virtual CPU and what it charges for one. Amazon calls a virtual CPU the equivalent of a 2007 Xeon or Opteron core. Google also has a physical equivalent but uses a different chip (one of two threads in a Sandy Bridge Xeon core), leaving it to you to look up the differences and drive your own definition of where virtual CPU value lies. The documentation is confusing, referring to logical core as 2.75 GCEUs (also referred to as GQs) or Google Compute Engine Units, which is also equal to about half of a Sandy Bridge. So a logical core isn't a core at all. In most cases it has only a vendor-defined relationship to some physical computing unit, with vendors all over the map.

Vendors also offer different configurations of standard servers. The major vendors do small, medium and large configurations, with several extra-large types thrown in the mix. But they each define the combination of memory, CPU and storage a little differently, making direct comparison difficult. You'd almost think they want it to be difficult.

What's also tricky is proving whether your use of a public cloud costs less than doing the same work in house. Doing so takes good system accounting procedures and knowledge of what particular functions within the data center actually cost. InformationWeek columnist Art Wittmann has thrown some healthy skepticism on this, noting that CPU performance and drive storage capacity keep climbing at logarithmic rates. "The Moore's Law advantage is immense and isn't something you should give up lightly, but some cloud providers are asking you to do exactly that," Wittmann writes.

There is help for deciphering pricing structures and figuring out how cloud computing fits into the IT budget. Some services will take the usage reporting stats provided by AWS and other vendors and use them to fill out a fuller picture. A warning: In some cases you have to give them your account identification information for them to be able to do that, which turns a lot of critical compute data about your business over to an outsider. Candidates to help include Apptio, Cloudability and Newvem, with migration and management partners such as Cloud Velocity, Skytap and Rightscale able to provide fuller usage pictures with billing information.

There's reason for hope in 2013. As I wrote this, Amazon Web Services evangelist Jeff Barr posted a blog entry saying Amazon will now make available an hourly report itemizing each server instance. That's a big step forward in visibility into the monthly cloud bill.

Previous
2 of 3
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
hbaldwin940
50%
50%
hbaldwin940,
User Rank: Apprentice
12/20/2012 | 4:50:31 PM
re: Cloud Computing: Best And Worst News Of 2012
Charles is dead-on with setback #3 (Gǣpricing is still a messGǥ). There are, of course, ways to get rapid fixed-price, fixed-schedule cloud deployments, as this SAP video shows: http://bit.ly/SWnnp4. About me: http://bit.ly/UoILDg.
Laurianne
50%
50%
Laurianne,
User Rank: Author
12/20/2012 | 2:35:29 PM
re: Cloud Computing: Best And Worst News Of 2012
While the security worries get more press, the almost-impossible-to-compare pricing issue is just as painful for IT managers day to day, although Amazon is starting to take positive steps. I wonder how long it will take to get to more apples-to-apples comparisons. The situation works in the vendor's favor right now, not in IT's.

Laurianne McLaughlin
InformationWeek
TechYogJosh
50%
50%
TechYogJosh,
User Rank: Apprentice
12/20/2012 | 9:51:48 AM
re: Cloud Computing: Best And Worst News Of 2012
Charles, did you included only cloud infrastructure analysis by design? Or have you also converted to the mad rush which calls only IaaS as cloud and others as SaaS, PaaS, etc? In fact each of these SaaS PaaS IaaS are part of cloud metaphor and you should have touched upon at least all of these cloud layers. None the less a pretty good read.
John Foley
50%
50%
John Foley,
User Rank: Apprentice
12/19/2012 | 5:04:19 PM
re: Cloud Computing: Best And Worst News Of 2012
Cloud reliability (or lack thereof) and cost are well-known issues, but the threat of VM snooping, a.k.a. side vector attack, is less well understood and in some respects more worrisome. So far, it seems to be a theoretical threat, but research now shows it can be done, and when there's a will, there's a way. The researcher concludes that "highly sensitive workloads should not be placed in a public cloud." Let's see how long it is before some company pays the price for failing to heed that warning.
Multicloud Infrastructure & Application Management
Multicloud Infrastructure & Application Management
Enterprise cloud adoption has evolved to the point where hybrid public/private cloud designs and use of multiple providers is common. Who among us has mastered provisioning resources in different clouds; allocating the right resources to each application; assigning applications to the "best" cloud provider based on performance or reliability requirements.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 24, 2014
Start improving branch office support by tapping public and private cloud resources to boost performance, increase worker productivity, and cut costs.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.