William Vambenepe's blog

One of the heavily discussed Cloud topics in early 2009 was a  Cloud Computing taxonomy. Now that this theme has died down (with limited results), and to start 2010 in a similar form, here is a proposal for a taxonomy of the benefits of Cloud Computing.

Just like the original Cloud Computing taxonomy only had three layers (IaaS/PaaS/SaaS), so does this taxonomy of Cloud benefits. The point of this post is to promote the third layer. I describe layers 1 and 2  mainly to better call out what’s specific about layer 3.

Layer 1 (infrastructure: “let someone else do it”)

This is the bare-bottom, inherent benefit of Cloud Computing: you don’t have to deal with the hardware. In practice, it means:

• no need to worry about power/cooling,
• on-demand provisioning/deprovisioning (machines appear/disappear in a way physical machines do not),
• not responsible for physical security (though responsible for ensuring that the provider has an acceptable security level),
• economies of scale (for equipment purchase and operations),
• potential environmental benefits,
• etc…

Layer 2 (management: “let a program do it”)

More specifically, more automated IT management. This does not require Cloud Computing (you can have a highly automated IT management environment on premise), but the move to Cloud Computing is the trigger that is making it really happen. While this capability is not an inherent benefit of Cloud Computing, the Cloud makes it:

• Needed: You don’t get to put color tags on machines, you don’t get to bring a DVD to install a new application, you don’t get to open a machine to insert more memory, you don’t get to go retrieve a backup tape, label it and put it in a safe, etc. Of course loosing these “privileges” doesn’t sound bad considering that they are mostly chores, but it means that you have to design alternative (and mostly programmatic) ways to perform the functions that these tasks addressed.
• Easier: Cloud environments are highly API-driven. Many IT tools from the previous generation were console-centric (people would go out and buy “a network/event/system management console“) with APIs/protocols as a secondary thought. In Cloud environments, tools are a lot more API-centric with the console as an adjunct (anyone has stats about the ratio of EC2 instances provisioned via the AWS console versus the APIs?). This is also why even though a lot of people wanted standard management protocols (of the WSDM/WS-Management generation), there wasn’t as much of a realization of their importance in the old environment (and not as much pressure to create them and eagerness to adopt them). The stakes and visibility are a lot higher in the Cloud environments and that’s why this second wave of protocols will have to succeed where the previous one came short.
• More beneficial: Once you have automated IT management in a traditional data center, what you get is fewer employees needed and somewhat better utilization. But you are still gated by the time/process to purchase/install new machines and the cost of unused machines (at least with automation you don’t have to pay their power/cooling). You don’t get the “just what I need” level of infrastructure usage that the same automation work allows in a Cloud setting.

Layer 3 (applications: “do it right”)

In short, use the move to the Cloud as an opportunity to fix some of the key issues of today’s applications. Think of the Cloud switch as a second Y2K, 10 years later: like in 2000, not only are there things that the transition requires you to fix, there are also many things that aren’t exactly required to fix but still make sense to fix as part of the larger modernization effort. Of course the Cloud move is missing that ever-so-valuable project management motivator of a firm deadline, but hopefully competitive pressure can play a similar role.

What are these issues? Here is a partial list:

• Security: at least authentication and authorization. We have SSO/Federation systems, both enterprise-type and Web-centric and they often suck in practice. Whether it’s because of the protocols, the implementations, the tools or the mindset. Plus, there are too many of them. As applications gained mouths and ears and started to communicate with one another, the problem became obvious. If, in the Cloud, you also want them to grow legs and be able to move around (wholly or in parts) then it really really has to get fixed. Not to mention the “all or nothing” delegation model that I am surprised hasn’t yet created a major disaster (let’s see what 2010 has in store). I suggested a band-aid fix earlier, but this needs a real solution (the Cloud Security Alliance provides some guidance in this document, see “domain 12″ for IAM).
• Get remote application interfaces right. It’s been discussed, manifesto’ed, buried and lampooned many times before (this was my humble take on it). Whether it’s because of WS-* or, more likely, java2wsdl we have been delayed in this but it simply has to happen. Call it SOAP, zenSOAP, REST, practical REST or whatever you want. Just make sure that all important functions and data are accessible via clear, documented, consistent, easy-to-use, on-the-wire interfaces. Once we have these interfaces, and only then, we can worry about reliably composing/orchestrating applications that cross organizational boundaries.
• Related to the previous point, clean up the incestuous relationship between an application and its data. Actually, it’s not “its” data. It’s the data it works on.
• Deliver application-centric IT management. Quit loosing and (badly) re-creating information: for example, an application deployment followed by a black-box discovery (“what did I just do”?). Or after-the-fact re-establishing correlations between events on different servers (“what was this about”?). Application management too often looks like a day in the life of a senile person.
• Fault-tolerance and disaster recovery. It is too often lacking (or untested, which is the same) for applications that are just below the perceived threshold of requiring it to be done right. That threshold needs to be lowered and the move to the Cloud can be used to make this possible.

[You should also read Tim Bray's perspective (and Stefan Tilkov's comment) on the process/methodology/tools for enterprise applications, an orthogonal (but related) area of improvement. More fundamental.]

As I mentioned above, these are mostly not Cloud specific (though it is possible to create a Cloud connection for each). They are things that we have known about and tried to fix for a while. But the pace has been pretty slow and there is an opportunity for the Cloud transition to do more than just hand out the keys of the datacenter.

What kinds of benefits are you aiming for in your Cloud plans?

[UPDATED 2010/01/11: An interesting take on a similar topic by Brenda Michelson: 5 Enduring Aspects of Cloud Computing]

[UPDATED 2010/01/14: Along the same lines (but looking at it in the other direction), an interesting graph from Alistair Croll of Bitcurrent.]

What happens when a society gets hold of a new territory or a new technology? It usually starts by decimating the easy preys in that territory or by running wild with the technology. Using abundant resources (food, fuel or other) with abandonment, dumping waste everywhere. Then there is a crisis directly tied to this lack of restraint. Maybe an epidemic. Or starvation from the sudden disappearance of easy-to-get food (or fuel). Lack of clean water. Landslides from deforestation. Something is done to address that crisis and its direct causes. It starts with random acts of what is not yet called ecology. And then the best practices gets more widely adopted. But another crisis appears. Other changes need to be made. Eventually people start to look beyond fighting individual fires and towards managing the environment as a whole, in a way that aligns with the desired quality of life. Models are developed to better understand relationships and predict consequences. Comprehensive environmental studies appear. People take a lifecycle approach to managing the environmental aspects of development. Processes, policies and rules get defined. And of course, companies and consultants appear to help with these tasks.

This is a (widely) simplified description of how ecology appears out of necessity in developing societies and how its development is a gating factor for sustained economic development. Of course, this is the happy view, the one where the society is able to correct its course before collapsing.

Doesn’t this sound very similar to the way IT management appeared and is developing in enterprises?

When enterprises got hold of computing as a business tool, individual departments deployed applications with little planning and coordination, just to grab the low-hanging fruits of increased productivity. Then comes the crisis, a key system goes down and no-one knows what to do. Business suffers. Some early, localized, monitoring functionality is created to fix the problem. A random act of management that addresses a tactical issue. But more problems happen, the system gets more complex than niche management tools can address. Eventually people start to look at IT management more globally, to think of it as a way to align IT with business objectives. Models are developed to better understand relationships and predict consequences. People take a lifecycle approach to managing changes to the IT environment. Best practices, processes and even rules and compliance mandates get defined. And of course, companies and consultants appear to help with these tasks.

Does this parallel reveal any opportunity for one side to learn from the other? Will you hire Greenpeace to run your data center?