If I had to summarize my assessment of this week's CloudConnect conference, it would be this: Attention regarding cloud computing is rapidly moving toward the pragmatics of using it and away from the theories of studying it.
Unusually for me, I was able to attend a number of sessions and, unlike most conferences, they were excellent, with a high level of content and low level of marketing. Here are a few of the things that I thought were interesting:
The first day (actually a pre-conference day) had a "Cloud Performance Summit," with a number of sessions and panels devoted to cloud statistics and use profiles. It was kicked off by Adrian Cockcroft of Netflix, who described how his company is leveraging Amazon Web Services. Among his tidbits:
• Netflix.com is almost 100% hosted on AWS. Netflix chooses to do this not because they don't know how to run a data center, but because it provides them enormous flexibility in terms of not needing to predict how much compute capacity the company will need in the future.
• Netflix uses Amazon Reserved Instances heavily. An AWS Reserved Instance is, essentially, a prepayment that offers a lower rental rate in return. Because Netflix purchases a three-year reservation, it is able to depreciate the lease, thereby converting an operational expense into a capital investment. Certainly a twist on conventional expectations.
• Developers, rather than IT, manage Netflix AWS use. In fact, Netflix has no CIO. Developers are trusted and expected to operate the AWS environment correctly. This may seem quite surprising, but it is consistent with a company that has no vacation policy and allows employees to take as much time as they like.
Another fact, rather astonishing to me, came up during the performance summit. A speaker from Cedexis (I think — note to self, take better notes in future) said that his firm had examined a large number of enterprise applications and found that 35% (!) of them had some dependency on Amazon Web Services Eastern Region. Yes, these were important apps, not trivial ones, so the dependency on AWS is quite remarkable, and testament to the changing nature of how applications are built.
I expect that very few of these apps run in AWS; rather, they probably make a call to some external service, some portion of which, unbeknownst to the application developer, resides in AWS. This leads to another current running through the conference: the changing nature of applications.
The conference chair, Alistair Croll, kicked off this theme on day one by announcing the death of the virtual machine and the future of "everything as a service." In other words, future applications will be constructed by selecting specific online services and assembling them into a bundle of functionality — rather than the current model of assembling a number of software components and compiling them into an application.
Will IT Groups Split in Half?
I explored this perspective during lunch one day with James Urquhart, who works at Cisco and also is a cloud computing blogger at Cnet. I believe that future IT organizations will bifurcate into an infrastructure organization and an application organization, which interact across an automated service interface. James' perspective is that a similar split will occur to operations, which will separate into an infrastructure operations group and an applications operations group. The former will concentrate on ensuring that computing, storage, and network resources are always available, while the latter will focus on ensuring application availability, responsiveness, and elasticity. In fact, James goes further and posits a third group, the services operations group, which will be responsible for administering the services that applications consume.
This seems entirely plausible, but I am not so sanguine about the disappearance of virtual machines at the application level. There will still need to be a runtime environment — a container, if you will, to hold and execute the software assets, and operating systems have traditionally held that role.
It may be that a platform provider will offer an execution environment for applications, but it's not clear to me how such an environment would offer the range of services necessary for a typical enterprise application — integration with existing applications, inclusion of components that make service calls which the platform environment does not support, etc. And if the environment ends up with a really rich set of services, doesn't that look a lot like an operating system? I do agree, though, that for many bog-standard applications (think LAMP stack with PHP pages), a PaaS runtime environment that the application pages can be plugged into can replace a large proportion of VM-based, OS-heavy environments.
There's no doubt that the architecture of applications is going to be affected significantly by the rise of cloud computing. Many organizations assume that cloud computing will end up a lot like traditional infrastructure, with traditional infrastructure application architectures; however, the new environment will give rise to new application architectures requiring new design patterns. Just think of how writing Web-based applications has changed the design patterns appropriate for a client/server world.
I've only scratched the surface of the content of the conference. There was a track on private clouds, a couple of sessions of which I attended, though the one I missed was where the fireworks broke out. To my mind, the ultimate answer to this question of whether private clouds will prove a long-term solution will revolve around cost and scale — while agility (usually defined as delivering a virtual machine in 10 minutes) is valuable, it is nowhere near enough to satisfy the long-term implications of cloud computing.
Privacy and Compliance Progress?
There was also a track on culture, risk, and governance. I got to see Dr. Chenxi Wang, security analyst for Forrester, talk about international cloud computing, with a focus on international laws on privacy, compliance, and liability. Two nuggets from her talk:
• In her discussions with international clients, Asian ones generally emphasize business opportunity over privacy, while European ones emphasize privacy, notwithstanding any potential lost business opportunities.
• As a way of addressing the issue of locating data generated in one nation in another and determining what privacy laws apply, Dr. Wang described a nascent proposal for "digital embassies." Embassies are legally the property of the country whose embassy the building contains, not the property of the country in which the building is located. In the digital embassy concept, a data center in which data resides would be subject to the compliance and privacy strictures of the country in which the data originates, rather than those of the country in which the data resides. It's an interesting concept, though, as noted, nascent.
More interesting, perhaps, is the impact on national privacy and compliance laws of the new application profiles similar to the example the fellow from Cedexis described — an application that is comprised of services (and thus data) from multiple data centers, each of which may be subject to a set of laws and regulations. A single application could, literally, have a large number of compliance conditions applicable to it, given its mishmosh of services and components.
There was enough food for thought at CloudConnect to form a gigantic banquet. I left more convinced of the power and inevitability of this form of computing, and sobered by the challenges and questions it poses.
Bernard Golden is CEO of consulting firm HyperStratus, which specializes in virtualization, cloud computing and related issues. He is also the author of "Virtualization for Dummies," the best-selling book on virtualization to date.