The hype about cloud computing has gotten so loud that Gartner Group used Cloud as the lead in its hype-parazzi special report Hype Cycle 2009. The sharply sloping graph in the report places
cloud, along with e-book readers, wireless power and social software suites, at or near the “Peak of Inflated Expectations,” preparing for a dive
into the “Trough of Disillusionment.”
One thing that may drive it into that trough — other than the unrealistic projections by some providers of cost-savings and easy capacity
planning — is the difficulty in getting certain applications to run on it effectively, according to analysts and vendors selling technology to help
bridge the gap.
What are the difficulties? Here’s a look at five key hurdles.
1. Today’s clouds are not alike
No one “cloud platform” exists — each is different, meaning the specific migration, support, cost and capacity issues vary from vendor to
vendor. And moving a legacy application to the cloud means taking a proven quantity in a known environment and moving it to a new environment
that will make almost everything about it different, according to Bernard Golden, CEO at HyperStratus, and CIO.com blogger.
[For timely cloud computing news and expert analysis, see CIO.com’s Cloud Computing Drilldown section. ]
“Legacy applications come with a lot of integration with your other systems, and usually they had to be done fast, so you have a lot of direct
database calls from one application to another and that kind of thing that may not work when one endpoint is outside the perimeter,” according to
“There’s the tiny straw issue, too; there is an order of magnitude more bandwidth available inside the data center than outside it. And you have
to decide whether it’s important that you manage everything from one pane of glass, because the management tools are not up to doing that with
cloud and legacy applications yet,” Golden says. “There are a lot of basic technical issues that are often not addressed.”
2. Security worries
Security gets top billing as a risk of cloud computing because the idea is new and the locks aren’t as fully tested as those on legacy applications.
At least as big an issue for many companies is knowing who is using the applications or accessing the data, whether they have permission to do so
or not, according to Chris Wolf, infrastructure analyst at The Burton Group.
Cloud Security: Danger (and Opportunity) Ahead
“For enterprises that have security or compliance concerns, multitenant cloud infrastructures are just non-starters right now, because the tools
to monitor or control that has not been addressed yet,” he says.
Single-tenant clouds — that is, cloud platforms a company owns and manages itself — only solve part of that issue. Being able to
physically limit access to the cloud by controlling the rest of the IT infrastructure makes the contained cloud safer, but still doesn’t provide the
detailed audit trail many companies need to comply with financial or privacy regulations, Wolf says.
3. Licensing and interoperability concerns
Legacy applications are supposed to be the creaky inflexible problem when it comes to migration, but neither major software vendors nor cloud
providers are making the migration any easier, Golden says.
While most legacy applications have been upgraded from the homegrown, no-public-standards era of corporate computing, most are built with
databases, communications or data-translation modules and other commercially-licensed technology. That means vendors like Oracle, Siebel, SAP
and others would have to change their licensing to support “three weeks running on three servers, then one week per month expanding to ten and
only paying for the capacity you use,” Golden says. “Most licenses are still tied to one physical box, although Oracle has made some movements in
Legacy apps typically also don’t typically support the newest technology except in the user interfaces that aren’t part of their cores —
exactly the technologies on which cloud platforms are built. Microsoft Azure is based on its .Net programming architecture, which most legacy
apps are not. Google’s App Engine is designed to support software written in Python — a Web-friendly language popular with developers
of PHP-based software running on Web servers. Salesforce.com has a proprietary application and data structure.
4. You don’t know your own legacy
Your company may live and die by its line-of-business applications, but that doesnt mean you know everything going on behind the
endlessly-customized codes, interfaces and forms that started out as business automation and turned into a rigid legacy application, according to
CEO Mark Cashman and CTO Steve Yaskin of Queplix.
Queplix’s tools are designed to extract data, metadata, business logic and security information from legacy applications using a mix of
custom-written and canned analysis and conversion utilities, so the resulting code can be run on cloud computing platforms — usually
internal clouds rather than public ones.
With all the data, data structures and policy guidelines extracted, Queplix can analyze security, data-access and compliance rules from both
commercial and homegrown apps — often finding huge holes in the process.
“We run a report that will show big holes in security that security people don’t know about and they don’t like when they see it,” Yaskin says.
“Siebel isn’t designed to share [access control list] data with SAP and vice versa, so no one knows users have all this access; when we take all that
out, you can see the access points and potential breaks in security and turn them to your advantage.”
Queplix sells a set of software development, analysis and conversion tools designed to extract data, business logic and security information
from legacy apps so they’ll run in cloud-computing environments.
Even at their best, Queplix and its competitors — master data management (MDM) providers such as Siperian and Initiate Systems
— convert only a portion of the application and data, leaving the end-user or service provider to deal with the rest, according to John
Abbott infrastructure analyst at The 451 Group, who published an evaluation of Queplix recently. Yaskin estimates Queplix’ best shot automates
85 percent of the migration. When will the situation improve?
VMware, which bought application-virtualization-developer Springsource earlier this year, is working on the problem, but not for legacy
applications. Smaller companies such as the Israeli firm Gizmox will put an AJAX GUI on a legacy app and run that in the cloud, but don’t take
care of its guts.
SAP and IBM — both of which have extensive custom-development and migration divisions — are also working on
legacy-to-cloud migration tools, as is Oracle and Cobol-stalwart Micro Focus, Abbot says. So does Oracle, which is adopting technology
developed by Sun.
Follow everything from CIO.com on Twitter @CIOonline.