Cloud computing: The very definition of cloud computing remains controversial. Consulting firm Accenture has crafted a useful, \n\nconcise definition: the dynamic provisioning of IT capabilities (hardware, software, or services) from third parties over a network.Cloud computing is computing model, not a technology. In this model of computing, all the servers, networks, applications and other elements \n\nrelated to data centers are made available to IT and end users via the Internet, in a way that allows IT to buy only the type and amount of \n\ncomputing services that they need. The cloud model differs from traditional outsourcers in that customers don't hand over their own IT resources \n\nto be managed. Instead they plug into the "cloud" for infrastructure services, platform (operating system) services, or software services (such as \n\nSaaS apps), treating the "cloud" much as they would an internal data center or computer providing the same functions.\nWhat is cloud computing?\nWhat are the different types of cloud computing?\nWhy would I want cloud computing?\nWhat are the drawbacks of cloud computing?\nWhat to look for from cloud computing providers\nSnapshot: Pros, Cons, Risks\nWhat is cloud computing?Despite snarky comments among industry insiders and imprecise metaphors meant to explain virtualization and cloud computing to the masses, \n\nit is patently untrue that the corporate computing world is returning to the mainframe model of computing. Today's hardware, software and networks are cheaper, more flexible and more accepting of anything a user or data-center manager wants to \n\ndo, for one thing. Rather than making users wait days or weeks for any changes or reports, typical data centers can easily add extra storage or \n\ncomputing power to accommodate an online-sales promotion, for example. On the other hand, \n\nconstrictive budgets, a bad economy, and computing hardware that has largely outstripped the demands business applications put on it have \n\nincreased the pressure on CIOs to not only show they're using IT dollars efficiently, but also actually do it. Virtualization \u2014 as well as the cloud computing model within which it often runs \u2014 answer much of that need, by giving CIOs \n\nthe ability to cover a week-long spike in demand by turning up the spigot on the computing power a business unit gets. A layer of virtualization \n\nsoftware allows a bank of servers to share the available workload, and lets the CIO give a business unit 10% more storage capacity or compute \n\npower, rather than having to go buy completely new servers that add 10 times the required capacity. The mainframe-like miracle is abstraction \u2014 the ability to hide the complexities of a system from the end user while providing all the \n\npower and capabilities the user requires. The World Wide Web is the largest abstraction layer in IT \u2014 hiding the complexity of a global network with hundreds of thousands of \n\nspecialized servers and arcane data behind search engines and hotlinks. In IT, "virtualization" most often means server virtualization \u2014 in which one physical server acts as host to several virtual servers, each \n\nof which runs on a layer of software called a hypervisor whose job it is to parcel out storage, memory and other computing resources while making \n\neach virtual server believe it is running by itself on a standalone computer. Cloud computing takes that abstraction one further step. Rather than making one server appear to be several, it makes an entire data-center's \n\nworth of servers, networking devices, systems management, security, storage and other infrastructure, look like a single computer, or even a single \n\nscreen.The idea is to let companies buy exactly the amount of storage, computing power, security and other IT functions that they need from \n\nspecialists in data-center computing \u2014 in the same way they used to pay AT&T to come install the number of phones they required. What are the different types of cloud computing?Web-based email services from Google and Yahoo, backup services from Carbonite or MozyHome, customer-resource management \n\napplications like Salesforce.com, instant messaging and voice-over-IP services from AOL, Google, Skype, Vonage and others are all \n\ncloud-computing services, hidden behind yet another layer of abstraction to make them seem even simpler to end users who want the kind of \n\npower sophisticated computing can give them, but don't want to know how it's done. There are three basic types of cloud computing:\u2022 Infrastructure as a Service \u2014 provides grids or clusters or virtualized servers, networks, storage and systems software designed \n\nto augment or replace the functions of an entire data center. The highest-profile example is Amazon's Elastic Compute Cloud [EC2] and Simple \n\nStorage Service, but IBM and other traditional IT vendors are also offering services, as is telecom-and-more provider Verizon Business.\u2022 Platform as a Service \u2014 Provides virtualized servers on which users can run existing applications or develop new ones without \n\nhaving to worry about maintaining the operating systems, server hardware, load balancing or computing capacity. Highest-profile examples include \n\nMicrosoft's Azure and Salesforce's Force.com.\u2022 Software as a Service \u2014 The most widely known and widely used form of cloud computing, SaaS provides all the functions of a \n\nsophisticated traditional application, but through a Web browser, not a locally-installed application. SaaS eliminates worries about app servers, \n\nstorage, application development and related, common concerns of IT. Highest-profile examples are Salesforce.com, Google's Gmail and Apps, \n\ninstant messaging from AOL, Yahoo and Google, and VoIP from Vonage and Skype.\nWhat is cloud computing?\nWhat are the different types of cloud computing?\nWhy would I want cloud computing?\nWhat are the drawbacks of cloud computing?\nWhat to look for from cloud computing providers\nSnapshot: Pros, Cons, Risks\nWhy would I want cloud computing?According to critics, there are nearly as many reasons not to want cloud computing as there are reasons to use it. The arguments for cloud computing are simple: get sophisticated data-center services on demand, in only the amount you need and can pay \n\nfor, at service levels you set with the vendor, with capabilities you can add or subtract at will. However, if someone else owns the computer infrastructure you rely on, you don't have the kind of control over your data and the \n\nperformance of your applications that you may need, not to mention the ability to audit or change the processes and policies under which even \n\nauthorized users must work. A slew of software vendors are rushing into the market to fill this gap with management tools, but that set of products remains quite \n\nyoung.Complying with HIPAA, Sarbox and other federal regulations \u2014 and, more importantly, demonstrating to auditors that you have \n\n\u2014 is extremely difficult right now with regards to cloud, according to Chris Wolf, virtualization and infrastructure analyst at The Burton \n\nGroup. "When you're talking about virtualization, at least there's some commonality in the platform, the hypervisor you're using, if not in the hardware \n\nbehind it," Wolf says. "Cloud is not a one-size-fits-all solution. You have various flavors of SAAS, Amazon's EC2 and other infrastructure services \n\nthat are all different in how they treat data at rest [in storage] and in motion [when it's being used in applications or communications]. That's a big \n\nproblem."Cloud customers risk losing data by having it locked into proprietary formats, may lose control over data because tools to see who's using it or \n\nwho can view it as it moves across the network are inadequate, or may lose confidence in it because they don't know when data has been \n\ncompromised or how, Wolf says. What are the drawbacks of cloud computing?Clouds pose more than just legal problems; there are technical ones, too, according to Bob Laliberte, analyst at Enterprise Strategy \n\nGroup."We say about virtualization that it's hard to manage an environment where your applications are playing hide and seek and your hardware is \n\nlying to you," Laliberte says. "It's even more with clouds. You're having to try to manage someone else's hardware that's lying to you."There is no single "cloud" involved in cloud computing, Laliberte says. All the SaaS and infrastructure-services providers use different \n\ntechnology and different standards, meaning every vendor relationship will be different. You can't just tool up one application or business process \n\nfor "the cloud" and be ready to go. You also can't just move applications to the cloud and expect them to run, even with the best virtualization technology, according to James Staten, data-center analyst for Forrester Research.To move any significant corporate processing into a cloud environment requires at least the same amount of work IT would have to do to \n\nmove the same workload from its existing servers to new virtual or physical servers, including reconfiguring connections to network and storage \n\nresources, Wolf says. Keeping track of what happens after the workloads move often means using a completely different set of management applications that \n\nintegrate imperfectly, if at all, with a company's existing management applications, Laliberte says. IBM, HP, BMC and other data-center \n\nsystems-management vendors are adding cloud-management functions as quickly as possible in order to try to appeal to customers who have \n\nnever dealt with them before, Laliberte says."A lot of CIOs are interested in internal clouds, but they're leery of the performance issues and security inherent in the cloud environment," he \n\nsays.Virtualization leader VMware is also leaping into clouds, basing much of its technology strategy on the idea that companies should be able to virtualize all their IT assets into "internal clouds" \n\nthat will interoperate seamlessly with external clouds also based on VMware virtualization software. Both that capability and customers' willingness to go along with it are still in question, Wolf and Laliberte agree.The best use of clouds would be to be able to move specific workloads from internal servers to a cloud provider when you expect a spike in demand, take \n\nadvantage of the cloud provider's additional capacity, move it back when the rush is over and pay only for the resources you used, Staten says. \n\n"We're a long way from being able to do that," Staten says. (See Busting the Nine Myths of Cloud Computing).CIOs on the leading edge of cloud adoption say using an external cloud can make sense, but that metrics and strict controls are even more important in a cloud \n\nenvironment than in a normal internal IT environment, specifically because there are so few controls inherent in cloud-computing relationships. They \n\nrecommend this checklist of issues to go through before deciding whether and why to use cloud services, which to use, and how. Though the intent of cloud computing is simple, the impact and mechanisms for delivery are often far more \n\ncomplex. "There's a lot more to it than people often admit," Staten says.\nWhat is cloud computing?\nWhat are the different types of cloud computing?\nWhy would I want cloud computing?\nWhat are the drawbacks of cloud computing?\nWhat to look for from cloud computing providers\nSnapshot: Pros, Cons, Risks\nWhat to look for from cloud computing providersDepending on what you're looking for, there are a variety of providers, even of basic application or infrastructure services, but their prices and specific offerings vary. There's often disagreement over how to even calculate cloud-computing costs. Amazon: Elastic Compute Cloud (EC2), the best-known infrastructure service, prices its services per terabyte per month, decreasing the cost slightly as volume increases. \n\nCustomers pick their own services, including OS, security levels, access controls and APIs, and pay by volume of usage. Google: App Engine: Gmail \n\nis free for personal use and starts at about $50 per mailbox for corporate implementations with private domain names. Google's App Engine lets \n\ncustomers build virtual Java or Python Web applications on Google servers, and pay by the gigabyte when their capacity goes beyond the 500MB \n\nof free data and resources to serve five million page views per month. Skytap Virtual Lab: The lesser-known Skytap provides a platform on which customers can run virtual machines and applications \n\nwithout building the virtual infrastructure themselves. Subscriptions start at $500 per month and increase with storage and data-transfer volumes. \n\nVMware vSphere4: VMware, the market leader in virtualization technology, has moved into cloud technologies in a big way, for \n\nexample, with vSphere 4 (For more background on vSphere, see CIO.com's recent analysis \n\nof it.) While some vendors, such as Google, disagree with VMware's emphasis on private clouds, VMware has recently enlisted powerful partners in its bid to help customers use a mix of private cloud and public cloud technologies.Microsoft Azure: The hypervisor build into Windows Server 2008 competes directly with VMware's virtualization software, but Azure is Microsoft's real entry into the \n\ncloud. Still in beta, Azure provides database and platform services \n\nstarting at $0.12 per hour for compute infrastructure; $0.15 per gigabyte for storage; and $0.10 per 10,000 transactions for storage. For SQL \n\nAzure, a cloud database, Microsoft is charging $9.99 for a Web Edition, which comprises up to a 1 gigabyte relational database; and $99.99 for a \n\nBusiness Edition, which holds up to a 10 gigabyte relational database. For .NET Services \u2014 a set of Web-based developer tools for \n\nbuilding cloud-based applications \u2014 Microsoft is charging $0.15 per 100,000 message operations, including Service Bus messages and \n\nAccess Control tokens.Snapshot: Pros, Cons, RisksPros of Cloud Computing Model\n\n\u2022 Quick deployment \u2013 add capacity or applications almost at a moment's notice.\n\u2022 Metered cost \u2013 pay-as-you-go approach for storage, processing and applications means more efficient use of IT spending.\n\u2022 Little or no capital investment \u2013 costs don't stay on the books for years.\n\u2022 Little or no maintenance cost \u2013 maintenance is all from a workstation or configuration screen. You never have to go touch a physical \n\nserver.\n\u2022 Lower costs \u2013 Many customers use the same infrastructure, so the vendor is able to buy in bulk and amortize costs over more \n\ncustomers, potentially lowering per-unit cost to each customer.\n\nCons of Cloud Computing Model\n\n\u2022 Little or no capital investment \u2013 services don't depreciate over years as capital expenses do, so there could be a tax \n\ndisadvantage over time. \n\u2022 Monitoring and maintenance tools are not mature yet \u2013 visibility into the cloud is limited, despite recent announcements by BMC, CA, Novell and others that they're \n\nmodifying their data-center management applications to provide better control over data in Amazon's EC2 and other cloud services. \n\u2022 Immature standards \u2013 groups such as the Distributed Management Task Force, the Cloud Security Alliance and the Open Cloud Consortium are developing standards for interoperable \n\nmanagement, data migration, security and other functions, but real standards at the quality levels corporate IT requires are still a couple of years \n\naway, most analysts agree.\n\nRisks of Cloud Computing Model\n\n\u2022 Data mobility \u2013 Most SaaS or cloud vendors have some ability for customers to download and store data, but the cost \n\nof using someone else's application is often that you can't get all your data out of it in a way that's usable in a different vendor's software.\n\u2022 Privacy \u2013 Most cloud contracts include privacy language that promises a customer's data is secure and private. But with \n\ncloud-monitoring and management software still in its infancy, a customer's ability to know for sure who's looking at what data \u2014 especially \n\nwho within their own organizations is using it \u2014 is limited.\n\u2022 Service levels \u2013 Cloud computing isn't entirely one-size-fits-all; there is some ability to customize the applications and \n\nservices each customer gets. But the ability to tailor service-level requirements to the specific needs of a business is far less than with internal data \n\ncenters where IT's whole purpose is to further the company's business goals. \n\u2022 Interoperability \u2013 The highly-customized internal applications that many companies rely on most heavily are often \n\nincompatible with generic IT infrastructures available within the cloud. That may be fine with many companies, which would prefer to use only \n\nrelatively generic applications outside their own firewalls. For more information, read CIO.com's "Case Against Cloud Computing" series, in \n\nwhich cloud expert Bernard Golden discusses and picks apart the key arguments against enterprise cloud computing, including issues of migration, \n\ncompliance, management, SLAs and cost.