April 13, 2011 at 2:25 am
Cloud is essentially a platform or service you can pay for to use instead of having to manage servers yourself.
That's basically it.
This platform however comes with some restrictions and possibilities. For one, your entire application architecture has to change and be reworked for you to be able to put your applications and services in the cloud. You have to learn about the roles and restriction and handle a lot more of parallel execution so that if you lets say have a queue of transactions to be processed and you have several worker roles you have to make sure these workers does not do each others jobs etc.
April 13, 2011 at 7:09 am
Good Editorial Steve.
There was an article about the M$ Chief Software Architect (Bill's replacement) in the last WIRED.
He is/was the guy that worked on the IBM Notes project and started the whole cloud or Software as a Service thing at M$. He was the person WIRED said would "drag M$ kicking and screaming into the 21st century." He was fired for talking publicly about the cloud.
Seems alot of big money out there believes that the cloud only belongs in the sky, and on the proprietary part of a Flow Chart. Federated or not this does not realy matter to me. I have both and they both have thier plus sides and down sides.
IMHO - this is more of a choice about what fits the need.
April 13, 2011 at 8:55 am
There is too much hype about the cloud these days but the PAAS definition is pretty much how I look at it. However, it isn't worth it if you have to turn your application inside out to run in the "cloud". You hit it right on the head Steve when you stated that the cloud has to provide the necessary set of abstractions or it doesn't offer much, if any, value. Finally, if it isn't just as secure as what I'm doing now, I can't justify using it.
April 13, 2011 at 9:21 am
I am also weary of moving into "the cloud". I started researching this option as I began drafting the proposal for the future of our App Dev Environment. At first it seemed promising, since within our organization App Dev is essentially departmental, where as Database and Server Administration is primarily centralized within the IT Infrastructure.
This creates conflicting interests, resulting in IT getting pulled in 10 different directions, and having to provide a piecemeal offering to everyone, which falls short of the desired solution without fail.
SaaS/PaaS seemed to offer a way around this headache, allowing Departmental App Dev to get a "dedicated" dev environment that would in theory meet the needs of the department "to spec". However, in researching the cost, the limitations, the restrictions, etc... that would be placed upon developing in this environment, it just didn't make sense to pursue that.
From the perspective of virtualization and rapid growth/rapid development, I like the idea of Saas/PaaS. However, at this point I think the next logical step is more the direction of an internal Virtual Server environment. I can only hope that responsiveness and flexibility of the IT DBA/Server Admins is greatly increased through the use of a more flexible/scalable VM implementation.
April 13, 2011 at 9:33 am
There's an acronym called PAAS, which is Platform as a Service, and it's analogous to SAAS (Software as a service) and IAAS (infrastructure as a service). The idea is that an application platform exists in the cloud and you essentially upload your code, allowing the provisioning, scaling, and other details to be handled by the platform is interesting.
I think that statement is slightly off. PaaS is not directly analogous to SaaS and IAAS. The subtle differences are demonstrated if you think of each of them in terms of layers.
In order from the most control (for the client) to least control:
Co-location (Facility as a Service?): You get a cage with power and internet, what you put in there is your concern.
HaaS/IaaS: The client leases the use of hardware (usually virtualized). Customer is responsible for everything above the VM layer.
PaaS: The provider handles the hardware, and OS configuration, and some platform on top of it (SalesForce, Azure SQL, etc). The customer uploads code or data that is specially formatted to run on that platform and has no OS level control.
SaaS (formerly ASP): Leased applications. The customer may be responsible for some configuration options in the app, but essentially is outsourcing all of the hardware and software issues to the cloud provider.
Examples of each
HaaS/Iaas: Amazon EC2
PaaS: Microsoft Azure
SaaS: Google Docs, FaceBook, etc.
April 13, 2011 at 9:47 am
j_e_o (4/13/2011)
Finally, if it isn't just as secure as what I'm doing now, I can't justify using it.
Nice point j_e_o, the fact that once your data is in the Cloud anyone supporting that cloud might have access your data is important to consider.
Does anyone know what the Sigma 6, SOX, JSOX, HIPA, etc... stance on storing data in the cloud is?
April 13, 2011 at 9:58 am
SanDroid (4/13/2011)
Does anyone know what the Sigma 6, SOX, JSOX, HIPA, etc... stance on storing data in the cloud is?
I know that Amazon has been spending a lot of effort dealing with compliance and information Governance concerns because they rightfully see this as a major barrier to selling their service. Here is a page from their site where you can read about what they are doing on their end to address this: http://aws.amazon.com/security/#certifications
August 21, 2012 at 9:52 am
Hey @steve-2,
Nice post! However, I think that today there is a slew of services and tools offered “in the cloud” (for example, see this list of cloud resources for developers and that many business can utilize from this, whether very small business with a tiny IT budget to large organization with huge IT budgets and several IT-related departments. Additionally, I think that using cloud services doesn’t necessarily mean totally reworking your system architecture rather tweaking it to suit any new requirements.
Regarding security in the cloud-
the fact that once your data is in the Cloud anyone supporting that cloud might have access your data is important to consider.
Well @SanDroid – access is something defined by permission, even if you use a third party service in a virtualized environment and besides, if you’re “online” there’s always the risk of someone or something gaining access to your data. I believe that companies that offer services in the cloud put quite a lot of effort into developing and testing the secureness of their services, and in any case, one should always make sure important or private data is properly secured.
@JohnFx – I think your reference to co-location as facility as a services and the mention of hardware as a services is misleading because you are including actual physical objects while the concept of XaaS (anything as a services) refers to services that can be provided in a cloud environment.
Cheers 🙂 Natali
"Press any key to continue, where's the ANY key?" 😛 Homer Simpson
August 28, 2012 at 9:13 am
I think the recent litany of cloud security breaches rightly justifies concerns about moving enterprise data stores to the cloud environment. I completely understand the draw, especially for smaller companies, to attempt outsourcing their data centers using the cloud for cost purposes. However, I think this is more a matter of calculated risk on their part to save money, and possibly even a bit of wishful thinking/being blinded by the price tag. In smaller companies, security threats are often rationalized away by the argument that they are not a big enough company to be a likely target for hacking, etc...
This, I think, is ironic because it seems to me that by jumping into the cloud with everyone else they are actually voluntarily taking on more risk by putting all of their data assets into a much larger collection of data assets, which when taken together makes a much more attractive target for a group looking to make a name for themselves as "uber-hackers". Think of the bank robbers of the early 20th century... their not going door-to-door looking for small scores, their looking for the big pay-off from the community vault.
Granted, with time came better security measures and more serious enforcement efforts to create a better sense of security in the banking community by discouraging theft and insuring the valuable assets which were being vaulted. This will also likely happen with the cloud as it continues to develop and evolve. I just don't think the cloud is there yet. Data security just isn't taken as seriously as fiscal security, which I believe is evidenced by the fact that the major players in this arena are companies like Amazon... Not a data security company. That's like saying, "I bank with Walmart". Data is also a different beast. Although, much like time, it can be translated directly to $$$, it has a kind of Genie in a bottle/Pandora's box aspect to it. Once the cat's out of the bag, it's not easily coaxed back in...
Just my 2 cents...
Viewing 10 posts - 1 through 9 (of 9 total)
You must be logged in to reply to this topic. Login to reply