Five Problems Keeping Legacy Apps Out of the Cloud

The hype about cloud computing has gotten so loud that Gartner Group used Cloud as the lead in its hype-parazzi special report Hype Cycle 2009. The sharply sloping graph in the report places cloud, along with e-book readers, wireless power and social software suites, at or near the “Peak of Inflated Expectations,” preparing for a dive into the “Trough of Disillusionment.”

One thing that may drive it into that trough — other than the unrealistic projections by some providers of cost-savings and easy capacity planning — is the difficulty in getting certain applications to run on it effectively, according to analysts and vendors selling technology to help bridge the gap.

What are the difficulties? Here’s a look at five key hurdles.

1. Today’s clouds are not alike

No one “cloud platform” exists — each is different, meaning the specific migration, support, cost and capacity issues vary from vendor to vendor. And moving a legacy application to the cloud means taking a proven quantity in a known environment and moving it to a new environment that will make almost everything about it different, according to Bernard Golden, CEO at HyperStratus, and CIO.com blogger.

[For timely cloud computing news and expert analysis, see CIO.com’s Cloud Computing Drilldown section. ]

“Legacy applications come with a lot of integration with your other systems, and usually they had to be done fast, so you have a lot of direct database calls from one application to another and that kind of thing that may not work when one endpoint is outside the perimeter,” according to Golden.

“There’s the tiny straw issue, too; there is an order of magnitude more bandwidth available inside the data center than outside it. And you have to decide whether it’s important that you manage everything from one pane of glass, because the management tools are not up to doing that with cloud and legacy applications yet,” Golden says. “There are a lot of basic technical issues that are often not addressed.”

2. Security worries

Security gets top billing as a risk of cloud computing because the idea is new and the locks aren’t as fully tested as those on legacy applications. At least as big an issue for many companies is knowing who is using the applications or accessing the data, whether they have permission to do so or not, according to Chris Wolf, infrastructure analyst at The Burton Group.

Cloud Security: Danger (and Opportunity) Ahead

“For enterprises that have security or compliance concerns, multitenant cloud infrastructures are just non-starters right now, because the tools to monitor or control that has not been addressed yet,” he says.

Single-tenant clouds — that is, cloud platforms a company owns and manages itself — only solve part of that issue. Being able to physically limit access to the cloud by controlling the rest of the IT infrastructure makes the contained cloud safer, but still doesn’t provide the detailed audit trail many companies need to comply with financial or privacy regulations, Wolf says.

3. Licensing and interoperability concerns

Legacy applications are supposed to be the creaky inflexible problem when it comes to migration, but neither major software vendors nor cloud providers are making the migration any easier, Golden says.

While most legacy applications have been upgraded from the homegrown, no-public-standards era of corporate computing, most are built with databases, communications or data-translation modules and other commercially-licensed technology. That means vendors like Oracle, Siebel, SAP and others would have to change their licensing to support “three weeks running on three servers, then one week per month expanding to ten and only paying for the capacity you use,” Golden says. “Most licenses are still tied to one physical box, although Oracle has made some movements in this direction.

Legacy apps typically also don’t typically support the newest technology except in the user interfaces that aren’t part of their cores — exactly the technologies on which cloud platforms are built. Microsoft Azure is based on its .Net programming architecture, which most legacy apps are not. Google’s App Engine is designed to support software written in Python — a Web-friendly language popular with developers of PHP-based software running on Web servers. Salesforce.com has a proprietary application and data structure.

4. You don’t know your own legacy

Your company may live and die by its line-of-business applications, but that doesnt mean you know everything going on behind the endlessly-customized codes, interfaces and forms that started out as business automation and turned into a rigid legacy application, according to CEO Mark Cashman and CTO Steve Yaskin of Queplix.

Queplix’s tools are designed to extract data, metadata, business logic and security information from legacy applications using a mix of custom-written and canned analysis and conversion utilities, so the resulting code can be run on cloud computing platforms — usually internal clouds rather than public ones.

With all the data, data structures and policy guidelines extracted, Queplix can analyze security, data-access and compliance rules from both commercial and homegrown apps — often finding huge holes in the process.

“We run a report that will show big holes in security that security people don’t know about and they don’t like when they see it,” Yaskin says. “Siebel isn’t designed to share [access control list] data with SAP and vice versa, so no one knows users have all this access; when we take all that out, you can see the access points and potential breaks in security and turn them to your advantage.”

Queplix sells a set of software development, analysis and conversion tools designed to extract data, business logic and security information from legacy apps so they’ll run in cloud-computing environments.

5. Migration is manual and darn few tools will help

Even at their best, Queplix and its competitors — master data management (MDM) providers such as Siperian and Initiate Systems — convert only a portion of the application and data, leaving the end-user or service provider to deal with the rest, according to John Abbott infrastructure analyst at The 451 Group, who published an evaluation of Queplix recently. Yaskin estimates Queplix’ best shot automates 85 percent of the migration. When will the situation improve?

VMware, which bought application-virtualization-developer Springsource earlier this year, is working on the problem, but not for legacy applications. Smaller companies such as the Israeli firm Gizmox will put an AJAX GUI on a legacy app and run that in the cloud, but don’t take care of its guts.

SAP and IBM — both of which have extensive custom-development and migration divisions — are also working on legacy-to-cloud migration tools, as is Oracle and Cobol-stalwart Micro Focus, Abbot says. So does Oracle, which is adopting technology developed by Sun.

Follow everything from CIO.com on Twitter @CIOonline.