As I leaf through the pages of my cloud scrapbook, I'm struck by how much valuable ink has been wasted repeating charges about cloud computing that just aren't true. Each year, sure as clockwork, Oracle CEO Larry Ellison tries to come up with a new putdown of the multi-tenant cloud during Oracle OpenWorld, like throwing mud against the wall to see if it sticks. Each year, the results are the same -- splat and slide, gravity beats FUD.
Let's start with security myths. I've long been interested in the supposed lack of security in the cloud and concluded that cloud operations are more secure than those of the average data center. That doesn't mean there aren't a lot of gaps and loopholes when it comes to sending your data over the Internet to cloud servers; any exposure to the public Internet contains its own hazards.
Data movement to the cloud is not a layup. But the standard of operations at Amazon Web Services, Terremark, Rackspace, Savvis and others is high enough that you can be assured of best practices on a more consistent basis than in many enterprise data centers. These centers are also going to be irresistible targets, and eventually an isolated breach will occur. Achieving security in the cloud is a journey that's just gotten underway.
I've also heard many critics say there's no definition of cloud computing, because there isn't really anything new to define. In fact, there is the NIST definition, but I'm inclined to say it's more description than definition.
The heart of cloud computing revolves around a new pattern of distributing computing power, not a new technology. In this new pattern, the end user has much more control than he used to over a powerful, remote server owned by somebody else. That control can extend up to the point where he achieves programmatic control over the server, if desired. Getting that control while engaging in one of the lowest-cost forms of computing is the heart of the cloud, an emerging relationship between the end user and publicly accessible data services.
The myths that are most difficult to bust are the ones involving cloud costs. There are many circumstances where monitoring cloud usage gets away from IT managers. They lose track of what employees have spun up; at the end of the month IT is presented with a big, surprising bill.
Before any cost comparison can be made, the cloud customer needs to know what specific operations in his own data center cost--a major research project. Some IT organizations do not have a true measure of total data center cost.
Explore my list of the top seven cloud myths that continue to bedevil prospective cloud users. Then weigh in with your opinion by leaving a comment.
Security of operations is a cloud user's number one concern -- or, at least, tied for first. It's a concern that will linger as more and more business users take their first, tentative steps with cloud services. And yet cloud security is both more rigorous and more strenuously monitored than a heterogeneous enterprise data center's security can be. While there's a known case of a bot establishing itself in Amazon's Elastic Compute Cloud (EC2), Amazon detected its activity, determined that it violated its rules of customer use and shut it down.
Payment Card Industry (PCI)-compliant operations have been established in the cloud at the most skillfully secured facilities, such as Terremark's Culpeper, Va., data center or its massive Network Access Point of the Americas data center in downtown Miami, pictured above. They've passed the Department of Defense's stringent DOD Information Assurance Certification and Accreditation Process.
It may be that users need to access the public cloud via VPN, as merely using the Internet exposes users to a predatory zone. But the cloud itself will eventually emerge as a more secure environment than the corporate data center.
Image Credit: Terremark website
Users of virtual machines (VMs) -- standard features of the multi-tenant clouds -- fervently hope that one virtual machine can't spy on another running on the same server. But extremely skillful manipulators have been able to draw conclusions about what's going on in a neighboring VM by watching what cache pages get emptied out of host memory after the spying VM has taken its turn using the server core. Since the spy just loaded the cache pages, it knows which data has been selected to be emptied out by the next user. And that, it turns out, is an indicator of what's currently executing on the processor. Ars Technica ran a piece on the phenomenon Nov. 6, noting it's extremely difficult to do, but scientists at the University of North Carolina, University of Wisconsin and RSA Laboratories demonstrated that it's possible to derive an encryption private key from this process. And there go the keys to the kingdom.
It's not clear to me how the spy VM knows which pages in the shared cache memory are being deleted if it's in its idle state, but the research shows that it does. It's still a painstaking effort to build a picture of the code executing, even when you have that information. You have to string together fragments of executing code over and over again until you get a piece of telling code. But that's what the researchers did.
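The prime-and-probe logic the researchers used can be illustrated with a toy simulation. The sketch below is not a real attack -- there is no hardware timing here, and the cache is just a Python set shared by two tenants -- but it shows how a spy that fills the cache and then checks what was evicted can recover a victim's secret-dependent behavior, one bit per round. All names and the choice of "line 3" are illustrative assumptions.

```python
# Toy simulation of a prime-and-probe cache side channel.
# The "cache" is modeled as a set of line IDs shared between two tenants;
# no real hardware timing is involved -- this only illustrates the logic.

CACHE_LINES = 8

def victim(cache, secret_bit):
    """Victim touches line 3 only if its secret bit is 1, evicting the spy's copy."""
    if secret_bit:
        cache.discard(3)

def spy_prime(cache):
    """Spy takes its turn on the core and fills every cache line with its own data."""
    cache.update(range(CACHE_LINES))

def spy_probe(cache):
    """Spy re-checks its lines; a missing line means the next user touched it."""
    return [line for line in range(CACHE_LINES) if line not in cache]

def run_round(secret_bit):
    cache = set()
    spy_prime(cache)              # spy loads the cache
    victim(cache, secret_bit)     # victim runs next, evicting what it uses
    evicted = spy_probe(cache)    # spy infers activity from what was evicted
    return 1 if 3 in evicted else 0

# Recover a secret bit string one round at a time.
secret = [1, 0, 1, 1, 0]
recovered = [run_round(b) for b in secret]
print(recovered)  # → [1, 0, 1, 1, 0]
```

In the real attack the spy measures access latency rather than inspecting a set, and must stitch many noisy rounds together -- which is why the researchers' result was painstaking rather than push-button.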
So far, no one has been able to do this maliciously in a real-world setting -- or if they have, it's not publicly known. And there are fixes to prevent it. Nevertheless, it's a blow to confidence in what heretofore appeared to be the virtual server's impenetrable, logical barriers.
And the researchers' paper went a step further, suggesting that cache evictions are not the only point of exposure. They also indicated that one virtual machine may be able to sense "the magnetic emanations" signifying types of activity by another. Again, there's no evidence anyone has made malicious use of these findings, and major data centers may come up with countermeasures before anyone does. But no one is quite sure when this information, in the wrong hands, will be used to breach existing defenses.
Image Credit: Flickr user kellinahandbasket
My first question for those who believe the cloud costs more is: over what time period? If the cloud allows you to avoid making a capital purchase, then it will almost always enjoy a demonstrable cost advantage in the short run. But what about longer periods? This is an argument that needs a case-by-case comparison and is not possible to resolve in the general sense.
The roadblock is determining precisely how much a given IT operation costs over a three- or five-year period, versus how much it costs in Amazon Web Services EC2 or another cloud service. If apples-to-apples comparisons are hard to achieve, what's crystal clear is what Amazon is charging. This enables responsible IT admins' best estimates to be juxtaposed against known cloud costs.
The main argument that the cloud costs more rests on Moore's Law -- or rather on its popular corollary that the cost of a compute cycle halves roughly every 18 months as chip density doubles. So why doesn't cloud pricing follow a similar downward trend? Because the cloud is a complete system, not just a standalone core or other component to which Moore's Law might apply. Furthermore, cloud computing provides services -- configuration, deployment, monitoring, chargeback and shutdown -- that an IT staff provides on premises. It's hard to assign costs to those on-premises services.
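The 18-month halving assumption is easy to put into numbers. A minimal sketch, using only that assumption and normalizing today's cost per cycle to 1.0:

```python
# Cost of a compute cycle under an 18-month halving assumption,
# normalized to 1.0 at year zero. Illustrative arithmetic only --
# it applies to the component, not to a complete cloud service.

def cycle_cost(years, halving_months=18):
    return 0.5 ** (years * 12 / halving_months)

for y in (0, 1.5, 3, 5):
    print(f"after {y} years: {cycle_cost(y):.3f}x")
```

By this arithmetic raw cycles should cost a quarter as much after three years -- which is exactly why flat cloud prices look suspicious until you account for the bundled services layered on top of the silicon.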
So I guess this debate is going to go on. But the cloud is automating processes that remain the charge of humans in enterprise IT. That alone ought to be a clue where both short- and long-term cost advantages reside.
Image Credit: Flickr user 401(K)2012
You would think comparing the price of an hour's worth of computing among cloud vendors would be a simple task. But cloud pricing tables quickly make it clear that the suppliers are not all that interested in encouraging comparison shopping. Nor are there common measures or shared terminology that would help establish the comparison.
Each vendor preconfigures server templates with networking and storage, then offers server sizes that typically run from micro to small, medium, large and extra-large. But nowhere is there a clear definition of these terms. A small virtual server gets a stated amount of virtual CPU power, but the Amazon EC2 virtual CPU is different from the Rackspace, Microsoft Azure or Google Compute Engine virtual CPU. One vendor's virtual server is defined with less CPU but more storage than another's. Load balancing and data movement between virtual servers are free with one vendor, and incur significant add-on charges with another.
Potential cloud consumers get help estimating what their needs might cost from individual vendors. But calculating a comparison of charges from one vendor to another remains very difficult. Amazon further complicates the picture by varying charges slightly based on where its data centers are located. Rackspace competes for entry-level customers; Microsoft competes for developer-oriented customers; Amazon competes on its head start in building infrastructure-as-a-service and years of in-house usage before launching its public EC2 service. Savvy shoppers understand where each vendor's most competitive offerings are and buy accordingly.
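One way shoppers can cut through mismatched size labels is to normalize each offering to a common unit, such as dollars per GB of RAM per hour. The sketch below uses hypothetical placeholder prices, not any vendor's actual rate card -- a real comparison would have to pull current published pricing and also account for bandwidth and storage charges.

```python
# Normalize per-hour instance prices to a rough $/GB-RAM-hour figure.
# All numbers are hypothetical placeholders, not actual vendor prices.

offerings = {
    "vendor_a_small":  {"price_per_hour": 0.06, "ram_gb": 1.7, "vcpus": 1},
    "vendor_b_small":  {"price_per_hour": 0.08, "ram_gb": 2.0, "vcpus": 1},
    "vendor_c_medium": {"price_per_hour": 0.12, "ram_gb": 3.5, "vcpus": 2},
}

def cost_per_gb_hour(spec):
    return spec["price_per_hour"] / spec["ram_gb"]

for name, spec in sorted(offerings.items(), key=lambda kv: cost_per_gb_hour(kv[1])):
    print(f"{name}: ${cost_per_gb_hour(spec):.4f} per GB-RAM-hour")
```

Even this crude normalization exposes the problem: it silently assumes one vendor's vCPU equals another's, which, as noted above, it does not.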
Cloud computing for the most part runs on AMD and Intel commodity servers running the operating systems most common to Intel's x86 instruction set, the basis for its Xeon family and other chips. Consequently, it's possible to conclude that Windows Server and Linux are the operating systems that will dominate cloud computing for the foreseeable future. But there are a few exceptions, and one of them may catch on as an alternative.
HP is producing data center servers based on Calxeda-designed ARM chips for telecommunications firms and other customers that remain unnamed. ARM doesn't run x86 applications, but it is an energy-conserving architecture originally designed to power mobile devices. At six watts per core, versus 80-100 watts in the typical Intel server today, an ARM-based data center with hundreds of thousands of servers would save significant energy -- while also being unable to run much of the software created for the x86 server world. HP is experimenting with another low-wattage server for the future data center, based on Intel's Atom chip. It draws only about seven watts and does run x86 software.
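The scale of those savings is easy to estimate from the wattage figures above. The sketch below assumes a hypothetical facility of 100,000 cores and an assumed $0.10 per kWh electricity price; both are illustrative, not figures from the text.

```python
# Back-of-the-envelope energy cost comparison using the per-core wattage
# figures cited above (6 W for ARM vs. roughly 90 W for a typical x86 core).
# The core count and electricity price are illustrative assumptions.

HOURS_PER_YEAR = 24 * 365
CORES = 100_000
PRICE_PER_KWH = 0.10  # assumed $/kWh

def annual_cost(watts_per_core):
    kwh = watts_per_core * CORES * HOURS_PER_YEAR / 1000
    return kwh * PRICE_PER_KWH

arm, x86 = annual_cost(6), annual_cost(90)
print(f"ARM: ${arm:,.0f}/yr, x86: ${x86:,.0f}/yr, savings: ${x86 - arm:,.0f}/yr")
```

Under these assumptions the electricity bill alone differs by millions of dollars a year, before counting the cooling load that tracks it.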
Then there's the example of Joyent infrastructure-as-a-service (IaaS) running its SmartOS operating system, a derivative of open source Illumos. The Illumos project was started to create an alternative provider of Solaris, which itself became open source code in June 2005. In the eyes of critics, Solaris ceased to exist as an open system with the release of Solaris 11 by Oracle in November 2011; Oracle had acquired Sun and brought the operating system back in house over the intervening two years. Illumos, a name meant to suggest "illuminate" from its Latin root, was created by OpenSolaris advocates in 2010 as they saw the writing on the wall. Joyent's SmartOS version is expected to become more generally available for on-premises and private cloud use next year, according to company officials.
So will ARM or SmartOS replace the predominant Windows and Linux? Not anytime soon. But ARM offers big power savings advantages for the cloud, while SmartOS offers advanced reliability and self-healing advantages. Neither system should be counted out.
Somebody's proprietary software -- VMware's, Microsoft's, CA Technologies' -- will ultimately run the private, on-premises cloud. Or at least that's what some people believe as they look at the IT manager's traditional need to have a major company backing and supporting the software.
But, when it comes to cloud computing, there's initiative on the open source side of the ledger. Three projects -- Eucalyptus, OpenStack and CloudStack -- are vying to establish a stronghold with developers and users, hoping to gain an edge in propelling the cloud forward. Each is innovating in virtual networking, a laggard in the reorganization of the data center around virtualization. OpenStack's Project Quantum is rich in virtual networking talent as it captures code contributions from HP, Nicira, Cisco, IBM and others.
Whether one or all of these projects can gain a rapid leading edge remains to be seen. But if any get the upper hand in implementing a more fully automated data center, thanks to the flexibility of new virtual networking services, they are likely to compete effectively with commercial software. The Linux example has made believers out of many IT managers when it comes to open source. Cloud computing may be the next place where open source systems match or surpass the proprietary competition.
It's no secret that new data centers are being built around the world to support mobile devices and cloud computing. Intel watched what markets its servers ship to and concluded that $450 billion a year was flowing into new data centers -- "one of the world's more significant capital investments," said Intel CEO Paul Otellini in October 2011.
That's a distressing development, according to an article in the New York Times Sept. 22 by James Glanz. The new data centers accelerate power consumption and lead to more carbon dioxide production and environmental degradation, Glanz wrote. InformationWeek, in response, pointed out that more computing is being done on less power, and that trend is not yet exhausted.
Furthermore, some of the computing -- say, when you're shopping on Amazon or planning a trip -- is done by moving bits around instead of moving 4,000-pound cars through cities to bricks-and-mortar stores or travel agencies. A full energy audit might find that cloud computing is more energy efficient than predecessor platforms, and many of its activities replace more material- and energy-consuming ones in the physical world.
Nevertheless, scientists may one day conclude that global warming is producing larger hurricanes on the East Coast and extended droughts in the Midwest. At that point it's possible to see government deciding global warming threatens society's survival and future use of cloud data centers must be rationed, whether that's the right decision or not.
I'm betting the electricity consumed per unit of computing will continue to decline and the productivity of work accomplished in the cloud will become a strong counter-argument to rationing. But this is an arms race that many data center architects and foot soldiers in enterprise data centers and cloud computing centers will have to win.
Image Credit: Flickr user Hythe Eye