Cloud computing: The very definition of cloud computing remains controversial. Consulting firm Accenture has crafted a useful,
concise definition: the dynamic provisioning of IT capabilities (hardware, software, or services) from third parties over a network.
Cloud computing is computing model, not a technology. In this model of computing, all the servers, networks, applications and other elements
related to data centers are made available to IT and end users via the Internet, in a way that allows IT to buy only the type and amount of
computing services that they need. The cloud model differs from traditional outsourcers in that customers don’t hand over their own IT resources
to be managed. Instead they plug into the “cloud” for infrastructure services, platform (operating system) services, or software services (such as
SaaS apps), treating the “cloud” much as they would an internal data center or computer providing the same functions.
What is cloud computing?
Despite snarky comments among industry insiders and imprecise metaphors meant to explain virtualization and cloud computing to the masses,
it is patently untrue that the corporate computing world is returning to the mainframe model of computing.
Today’s hardware, software and networks are cheaper, more flexible and more accepting of anything a user or data-center manager wants to
do, for one thing. Rather than making users wait days or weeks for any changes or reports, typical data centers can easily add extra storage or
computing power to accommodate an online-sales promotion, for example.
On the other hand,
constrictive budgets, a bad economy, and computing hardware that has largely outstripped the demands business applications put on it have
increased the pressure on CIOs to not only show they’re using IT dollars efficiently, but also actually do it.
Virtualization — as well as the cloud computing model within which it often runs — answer much of that need, by giving CIOs
the ability to cover a week-long spike in demand by turning up the spigot on the computing power a business unit gets. A layer of virtualization
software allows a bank of servers to share the available workload, and lets the CIO give a business unit 10% more storage capacity or compute
power, rather than having to go buy completely new servers that add 10 times the required capacity.
The mainframe-like miracle is abstraction — the ability to hide the complexities of a system from the end user while providing all the
power and capabilities the user requires.
The World Wide Web is the largest abstraction layer in IT — hiding the complexity of a global network with hundreds of thousands of
specialized servers and arcane data behind search engines and hotlinks.
In IT, “virtualization” most often means server virtualization — in which one physical server acts as host to several virtual servers, each
of which runs on a layer of software called a hypervisor whose job it is to parcel out storage, memory and other computing resources while making
each virtual server believe it is running by itself on a standalone computer.
Cloud computing takes that abstraction one further step. Rather than making one server appear to be several, it makes an entire data-center’s
worth of servers, networking devices, systems management, security, storage and other infrastructure, look like a single computer, or even a single
The idea is to let companies buy exactly the amount of storage, computing power, security and other IT functions that they need from
specialists in data-center computing — in the same way they used to pay AT&T to come install the number of phones they required.
What are the different types of cloud computing?
Web-based email services from Google and Yahoo, backup services from Carbonite or MozyHome, customer-resource management
applications like Salesforce.com, instant messaging and voice-over-IP services from AOL, Google, Skype, Vonage and others are all
cloud-computing services, hidden behind yet another layer of abstraction to make them seem even simpler to end users who want the kind of
power sophisticated computing can give them, but don’t want to know how it’s done.
There are three basic types of cloud computing:
• Infrastructure as a Service — provides grids or clusters or virtualized servers, networks, storage and systems software designed
to augment or replace the functions of an entire data center. The highest-profile example is Amazon’s Elastic Compute Cloud [EC2] and Simple
Storage Service, but IBM and other traditional IT vendors are also offering services, as is telecom-and-more provider Verizon
• Platform as a Service — Provides virtualized servers on which users can run existing applications or develop new ones without
having to worry about maintaining the operating systems, server hardware, load balancing or computing capacity. Highest-profile examples include
Microsoft’s Azure and Salesforce’s Force.com.
• Software as a Service — The most widely known and widely used form of cloud computing, SaaS provides all the functions of a
sophisticated traditional application, but through a Web browser, not a locally-installed application. SaaS eliminates worries about app servers,
storage, application development and related, common concerns of IT. Highest-profile examples are Salesforce.com, Google’s Gmail and Apps,
instant messaging from AOL, Yahoo and Google, and VoIP from Vonage and Skype.
Why would I want cloud computing?
According to critics, there are nearly as many reasons not to want cloud computing as there are reasons to use it.
The arguments for cloud computing are simple: get sophisticated data-center services on demand, in only the amount you need and can pay
for, at service levels you set with the vendor, with capabilities you can add or subtract at will.
However, if someone else owns the computer infrastructure you rely on, you don’t have the kind of control over your data and the
performance of your applications that you may need, not to mention the ability to audit or change the processes and policies under which even
authorized users must work.
A slew of software vendors are rushing into the market to fill this gap with management tools, but that set of products remains quite
Complying with HIPAA, Sarbox and other federal regulations — and, more importantly, demonstrating to auditors that you have
— is extremely difficult right now with regards to cloud, according to Chris Wolf, virtualization and infrastructure analyst at The Burton
“When you’re talking about virtualization, at least there’s some commonality in the platform, the hypervisor you’re using, if not in the hardware
behind it,” Wolf says. “Cloud is not a one-size-fits-all solution. You have various flavors of SAAS, Amazon’s EC2 and other infrastructure services
that are all different in how they treat data at rest [in storage] and in motion [when it’s being used in applications or communications]. That’s a big
Cloud customers risk losing data by having it locked into proprietary formats, may lose control over data because tools to see who’s using it or
who can view it as it moves across the network are inadequate, or may lose confidence in it because they don’t know when data has been
compromised or how, Wolf says.
What are the drawbacks of cloud computing?
Clouds pose more than just legal problems; there are technical ones, too, according to Bob Laliberte, analyst at Enterprise Strategy
“We say about virtualization that it’s hard to manage an environment where your applications are playing hide and seek and your hardware is
lying to you,” Laliberte says. “It’s even more with clouds. You’re having to try to manage someone else’s hardware that’s lying to you.”
There is no single “cloud” involved in cloud computing, Laliberte says. All the SaaS and infrastructure-services providers use different
technology and different standards, meaning every vendor relationship will be different. You can’t just tool up one application or business process
for “the cloud” and be ready to go.
You also can’t just move applications to the cloud and expect them to run, even with the best virtualization technology, according to James Staten, data-center analyst for Forrester Research.
To move any significant corporate processing into a cloud environment requires at least the same amount of work IT would have to do to
move the same workload from its existing servers to new virtual or physical servers, including reconfiguring connections to network and storage
resources, Wolf says.
Keeping track of what happens after the workloads move often means using a completely different set of management applications that
integrate imperfectly, if at all, with a company’s existing management applications, Laliberte says. IBM, HP, BMC and other data-center
systems-management vendors are adding cloud-management functions as quickly as possible in order to try to appeal to customers who have
never dealt with them before, Laliberte says.
“A lot of CIOs are interested in internal clouds, but they’re leery of the performance issues and security inherent in the cloud environment,” he
Virtualization leader VMware is also leaping into
clouds, basing much of its technology strategy on the idea that companies should be able to virtualize all their IT assets into “internal clouds”
that will interoperate seamlessly with external clouds also based on VMware virtualization software.
Both that capability and customers’ willingness to go along with it are still in question, Wolf and Laliberte agree.
The best use of
clouds would be to be able to move specific workloads from internal servers to a cloud provider when you expect a spike in demand, take
advantage of the cloud provider’s additional capacity, move it back when the rush is over and pay only for the resources you used, Staten says.
“We’re a long way from being able to do that,” Staten says. (See Busting the Nine Myths of
CIOs on the leading
edge of cloud adoption say using an external cloud can make sense, but that metrics and strict controls are even more important in a cloud
environment than in a normal internal IT environment, specifically because there are so few controls inherent in cloud-computing relationships. They
recommend this checklist of
issues to go through before deciding whether and why to use cloud
services, which to use, and how. Though the intent of cloud computing is simple, the impact and mechanisms for delivery are often far more
“There’s a lot more to it than people often admit,” Staten says.
What to look for from cloud computing providers
Depending on what you’re looking for, there are a variety of providers, even of basic application or infrastructure services, but their prices and specific offerings vary. There’s often disagreement over how to even calculate
Amazon: Elastic Compute Cloud
(EC2), the best-known infrastructure service, prices its services per terabyte per month, decreasing the cost slightly as volume increases.
Customers pick their own services, including OS, security levels, access controls and APIs, and pay by volume of usage.
Google: App Engine: Gmail
is free for personal use and starts at about $50 per mailbox for corporate implementations with private domain names. Google’s App Engine lets
customers build virtual Java or Python Web applications on Google servers, and pay by the gigabyte when their capacity goes beyond the 500MB
of free data and resources to serve five million page views per month.
Skytap Virtual Lab: The lesser-known Skytap provides a platform on which customers can run virtual machines and applications
without building the virtual infrastructure themselves. Subscriptions start at $500 per month and increase with storage and data-transfer volumes.
VMware vSphere4: VMware, the market leader in virtualization technology, has moved into cloud technologies in a big way, for
example, with vSphere 4 (For more background on vSphere, see CIO.com’s recent analysis
of it.) While some vendors, such as Google, disagree with VMware’s emphasis on private
clouds, VMware has recently enlisted powerful partners in its bid to help customers use a mix
of private cloud and public cloud technologies.
Microsoft Azure: The hypervisor build into Windows Server 2008 competes directly with VMware’s virtualization software, but Azure is Microsoft’s real entry into the
cloud. Still in beta, Azure provides database and platform services
starting at $0.12 per hour for compute infrastructure; $0.15 per gigabyte for storage; and $0.10 per 10,000 transactions for storage. For SQL
Azure, a cloud database, Microsoft is charging $9.99 for a Web Edition, which comprises up to a 1 gigabyte relational database; and $99.99 for a
Business Edition, which holds up to a 10 gigabyte relational database. For .NET Services — a set of Web-based developer tools for
building cloud-based applications — Microsoft is charging $0.15 per 100,000 message operations, including Service Bus messages and
Access Control tokens.
Snapshot: Pros, Cons, Risks
Pros of Cloud Computing Model
• Quick deployment – add capacity or applications almost at a moment’s notice.
• Metered cost – pay-as-you-go approach for storage, processing and applications means more efficient use of IT spending.
• Little or no capital investment – costs don’t stay on the books for years.
• Little or no maintenance cost – maintenance is all from a workstation or configuration screen. You never have to go touch a physical
• Lower costs – Many customers use the same infrastructure, so the vendor is able to buy in bulk and amortize costs over more
customers, potentially lowering per-unit cost to each customer.
Cons of Cloud Computing Model
• Little or no capital investment – services don’t depreciate over years as capital expenses do, so there could be a tax
disadvantage over time.
• Monitoring and maintenance tools are not mature yet – visibility into the cloud is limited, despite recent announcements by BMC, CA, Novell and others that they’re
modifying their data-center management applications to provide better control over data in Amazon’s EC2 and other cloud services.
• Immature standards – groups such as the Distributed
Management Task Force, the Cloud Security Alliance and the Open Cloud Consortium are developing standards for interoperable
management, data migration, security and other functions, but real standards at the quality levels corporate IT requires are still a couple of years
away, most analysts agree.
Risks of Cloud Computing Model
• Data mobility – Most SaaS or cloud vendors have some ability for customers to download and store data, but the cost
of using someone else’s application is often that you can’t get all your data out of it in a way that’s usable in a different vendor’s software.
• Privacy – Most cloud contracts include privacy language that promises a customer’s data is secure and private. But with
cloud-monitoring and management software still in its infancy, a customer’s ability to know for sure who’s looking at what data — especially
who within their own organizations is using it — is limited.
• Service levels – Cloud computing isn’t entirely one-size-fits-all; there is some ability to customize the applications and
services each customer gets. But the ability to tailor service-level requirements to the specific needs of a business is far less than with internal data
centers where IT’s whole purpose is to further the company’s business goals.
• Interoperability – The highly-customized internal applications that many companies rely on most heavily are often
incompatible with generic IT infrastructures available within the cloud. That may be fine with many companies, which would prefer to use only
relatively generic applications outside their own firewalls.
For more information, read CIO.com’s “Case Against Cloud Computing” series, in
which cloud expert Bernard Golden discusses and picks apart the key arguments against enterprise cloud computing, including issues of migration,
compliance, management, SLAs and cost.