Editor’s Note: This guest post is from Ed Laczynski, founder and CTO of LTech. -MM
I talk to a dozen or so IT managers, CIO’s, and decision makers every week. My sales and business development staff speaks to another hundred or so. Looking back at the past year of business in cloud computing, we’ve come up with an anecdotal trend. IT management falls into two camps: pioneers and damsels in distress.
“Pioneers” are ready, willing, and able to take the plunge into cloud computing. They know that their job function might change, their users may go through some unrest, and their management will be tentative. However, they also know that the world is changing. The disruptive cost savings, productivity, and functionality that cloud computing provides is not worth fighting against; instead embracing it with the right mind towards managing, integrating, and operating the technology is the correct course of action. The pioneers we worked with in the early parts of 2009 are already seeing the benefits. Pride in ownership of successful deployments, savings of hundreds of thousands, if not millions of dollars, and control of their own destiny in this new era of technology give the pioneers the confidence to continue the adoption cycle of cloud.
However, “Damsels in distress” aren’t so happy about all this cloud hullaballoo. They say cloud is really all about private datacenters. Or, it’s all about some new product coming out soon from your typically enterprise software company, that promises to be a knight in shining armor – allowing them to keep the status quo and innovate at the same time. These IT folks are content with managing hundreds of servers, in costly real-estate, with even costlier software licensing. When opportunities to move to cloud computing come knocking, they yell “Get off my lawn!” and hug their servers and enterprise software licenses that surely keep them warm at night.
But business is changing. It is about interconnectedness, collaboration, and scalability. The very things the Internet was born from. The companies that were built on the Internet – like Google, Amazon, and Salesforce, have built the framework for IT and it’s ready.
We are moving from an era when your typical desk worker received 30 emails per day, to one where hundreds would be considered a quiet day. The tools of yesteryear – Notes, Exchange, Outlook, aren’t going to solve the problems of information overload that companies are being saddled with. Massively multi-tenant systems like Amazon Web Services and Google Apps have stellar uptimes and reliability when compared with on-premise or pretend cloud solutions like Microsoft BPOS, which has had enough outages to scare away only the most dyed-in-the-wool Microsoft fan. None of this is lost on sales and marketing departments, who want to innovate and keep a leg up and not be told they have to wait weeks for procurement of licenses and servers to stand up technology to win market share.
The knight in shining armor won’t show up because he doesn’t exist. The last thing companies like Microsoft can do is cannibalize their on-premise server and productivity business with cheap, effective, cloud alternatives. Even if they were willing to do it, can they really deploy the data center and scaling capabilities that their Internet-born competitors already have a decade jump start on?
The Pioneer is going to look at an IT problem, like standing up a development environment, or deploying world-class CRM, and laugh at its simplicity and cost. The damsel in distress will wait for Topaz Cloud Connection and Scalability Server 2011 Plus, Enterprise Edition (for Servers) while the competition spends more money on sales and innovation than keeping those servers warm. If you think the companies of yesterday are going to chew their own arms off to deliver you highly scalable, internet powered, cheap cloud computing, you’ll be waiting a very long time. So think hard about what technologies and IT providers you want to cast your lot with in 2010.
The company (www.ltech.com) provides products and services that connect business to the cloud. LTech has successfully completed hundreds of cloud deployments and our cloud enablement products are being used by hundreds of thousands of users worldwide.
LTech is a Google Enterprise Partner and Amazon Web Services Solution Provider.
Editor’s Note: Today’s guest post is by Sam Ramji, vice president of Sonoa Systems and former head of open source strategy for Microsoft. If you liked what you read, he has his own blog or you can follow him on Twitter. -MM
You’ve probably heard that Twitter’s API has been the primary driver for the fast growth and rapid morphing of Twitter’s service. You may know that eBay and Salesforce.com get over 60% of their usage via APIs. And in the last couple of months, you may have heard people at your company in marketing, business development, or software engineering talking about your own API. If not, you will soon.
If you’re in the retail industry, this is going to make you very busy for the next few years. APIs are a technology buzzword that basically equate to a new way to use the web. In the 90s every retailer went “online” to take advantage of the cost of sales and margin improvements that came from having an e-commerce channel. These sites enabled companies to “sell direct to millions of new customers”, and those who got online later had to race to catch up just to protect their businesses.
Now in the 2010’s there’s a new way to use the web – a-commerce, or commerce via APIs. Mobile app and web app developers can use APIs to build very cool new applications that look and behave totally unlike your core website, but use your commerce engine just like a regular affiliate. This lets them get to consumers who would never have come to your website, but love to use the app and therefore your company makes money.
While at first this may sound like nothing new, it turns out that there are a lot of new issues to manage.
The 10 New Factors of A-Commerce for IT Operations
1. Performance: API-driven demand patterns & load on infrastructure are really different from web-driven demand. Developers will often wrap a database object directly in an API rather than shielding it with a web page that limits the number of rows that will be returned; programs will use that API in unpredictable ways that will load your system differently. Added to that, many more new concurrent connections from thousands of new sources will be simultaneously hitting your backend servers.
2. Analytics: Channel sprawl is a good thing for margin, but tough on reporting. There are multiple channels that affiliates are coming through – iPhone apps, tablets, web apps – and you’ll need to provide a combined view on their activity. API traffic cannot be seen by Google Analytics or any existing web tool so you will need to figure this out.
3. Auditing: Recording the sources of the a-commerce transactions and integrating with affiliate management services to pay a-commerce partners is important. Payment disputes will happen and you need to have a trail of data to show what happened in your systems.
4. Seasonality: Preparing for holiday rush is critical in order to run a trustworthy a-commerce service. This requires not just performance forecasting and knowing what can be cached, but how to throttle low-value requests when high-value purchases are in the queue.
5. Security: The number of usernames and passwords are going to explode. Don’t make users and developers build a new username and password to use your system. By making OAuth the standard you can let users and developers log in using their Twitter or Facebook accounts. This will save you a ton of hassle managing password resets and angry users.
6. Protection: Prioritizing traffic between web visitors and API users – who has priority when your infrastructure is under load? Additionally, protecting against a-commerce threats requires filtering out XML header bombs, SQL injection attacks that come in via the API, and other new forms of attack.
7. Privacy: Ensuring that sensitive data isn’t exposed incorrectly requires knowing and controlling what customer and commerce data is leaving the firewall, staying in compliance, and ensuring PCI standards are met. In an API world, this data is hidden in XML and JSON formats which you will need to scan and manage.
8. Evolution: Unlike a website which is under your control, or under the terms of “caveat emptor” when you are being webscraped, now there are affiliates who are depending on the API working a certain way. When the development team changes their code and builds a new version of the API, you need to be prepared to manage apps that break.
9. Provability: SLAs multiply in this scenario. Make sure that you can prove that your service was up and responding when upper management comes looking for who to blame when things go wrong for a high-priority a-commerce affiliate.
10. Debugging: this used to be something that just the internal development team handled by themselves; you may or may not have been involved. Now there are a ton of new developers trying to figure out how to use your service, sending malformed requests, generating errors.
The specific combination of analytics, debugging, provability, and protection will come in extremely handy during the winter holiday season – being able to understand traffic spikes, identify misuse of your platform and removing that traffic while letting the good transactions continue to flow will be crucial in preventing downtime and maximizing revenue generating CPU cycles.
In the next articles in this series, we’ll dive deeper into each of the 10 issues listed above. Let us know which ones you’re most interested in and we’ll cover those first!
Sam brings over 15 years of industry experience in enterprise software, product development, and open source strategy. Prior to Sonoa, Ramji led open source strategy across Microsoft. He was a founding member of the AquaLogic product team and has built large-scale enterprise and Web-scale applications, leading the Ofoto engineering team through its acquisition by Kodak. Other experience includes hands-on development of client, client-server and distributed applications on Unix, Windows and Macintosh at companies ranging from Broderbund to Fair Isaac. Sam holds a Bachelor of Science degree in Cognitive Science from the University of California at San Diego, and is a member of the Institute for Generative Leadership.
SalesForce.com has been the darling of the enterprise SaaS industry, with explosive growth that has eaten away at traditional CRM vendors’ marketshare. The company’s now poised, with Force.com, to extend its dominance even farther, but former CEO Steve Cakebread says that the cloud arena is just starting to get interesting.
He said that since leaving SalesForce.com, he’s been consulting with eHealth companies, portfolio managers and Xactly, a SaaS-based sales compensation company, where he is now the chief financial and administrative officer.
Almost all of those conversations focus on one topic: The cloud will change the future of enterprise IT.
“My long-term view of the [SaaS] industry is that over the next to 10-15 years, it replaces on-premise software completely,” Cakebread said in a recent interview with the IT Watch Blog. “There’s a lot that needs to come out before then, but I’m pretty convinced today that with the architectures being put in place that nothing needs to be run on premise.”
According to Cakebread, it just makes too much sense: “Every CIO is worried about redundancy and disaster recovery. if you’re using a couple different SaaS providers, that’s something you don’t have to worry about.”
Make sure they have a solid, distributed network of data centers, and CIOs can sleep a little easier knowing that even if a cable is cut by a careless backhoe or a data center burns down, their data is safe and accessible somewhere, somehow.
Of course, with cloud computing, one chief concern (just read the ITKE forums) is security. Denny Cherry captured a prevalent feeling when he wrote that, ” If you need to be sure that your data is secure, then a Cloud platform may not be the correct choice.”
Cakebread disagrees, however, saying that more cloud vendors are becoming open about their security practices and willing to work with companies.
“The larger companies allow your IT security people to come in and look at the setup, and they come away feeling comfortable the security was as good or greater than what they have internally,” he said. The same goes with uptimee. He had the same message on uptime, performance and interoperability: No, the cloud may not be perfect, and you’ll have downtime when your Internet is down, but the uptime and reliability is still, in many cases, better than what companies are getting today so why not go with cloud?
He also said that there’s one area ripe for SaaS conquest: ERP. While there are some players in the field, like NetSuite, it’s a hugely complicated problem because of the integration, security, and uptime required. That complexity means it’s also a huge potential win for whoever can master it first and seize marketshare.
“You may say that I’m a dreamer, but I’m not the only one.” – Imagine, by John Lennon
It’s not uncommon for office workers to pine for the days before e-mail everywhere, particularly those workers tethered to the office 24/7 by the BlackBerry and its incessant e-mail chirps, buzzes or beeps. But maybe they can now start taking heart from the promise of a post-e-mail era.
Who else is dreaming with them? Well, Microsoft’s Outlook team for one. Microsoft’s Social Connector doesn’t quite put social networking on an even level with e-mail, but it’s getting pretty close: It crawls your social networks and even internal tools to present context relevant data right in Outlook, which for millions literally defines what e-mail is.
I use the term “post-e-mail” loosely and, even then, hesitatingly. For years, we’ve been promised the “post-paper” office, only to find that the proliferation of computers actually increased paper usage. But the importance of paper files certainly has decreased over the years, and by throwing social networking into it’s main communications mix, Microsoft is likely signaling that e-mail is likely taking the same path. In other words, your e-mail cup will still runneth well over, but you’ll have a wider selection at the bar to choose from.
More on Outlook Social Connector:
Project management is incredibly simple until you actually have to do it, which is why books, seminars and other aids abound. I’d heard of T-Shirt Sizing before, where team members are asked to help estimate and prioritize project elements using relative measures, rather than guessing the absolute time or manpower needed. Yvette Francino uncovered another project estimation technique, Project management poker:
Planning Poker is a technique where each team member use cards with a range of numbers to estimate effort. Typically the numbers do not progress incrementally, but are more spread apart, the higher they get. The Fibonacci series (0, 1, 2, 3, 5, 8, 13, 21, …) can be used for this. The reasoning behind this is that the larger the numbers get, the more uncertainty there is. Cohn gave us each a deck of cards and had us do an exercise in which we were given several tasks and then work in teams to estimate those tasks using the cards. If we didn’t agree on the first pass, we would explain our reasoning and vote again. In all cases, we were able to reach consensus quickly. Cohn even has made a free planning poker tool available for distributed agile teams.
Yvette has posted some videos that more fully explain why poker planning works, and there’s even a free tool to try it with your team online. While that tool is specific for Agile development teams, I would love to hear if you think, or any other project estimation techniques, are useful in your department when plotting out major projects.
Today’s guest blog post by Francois Lascelles tackles why RESTful web services matter in the enterprise, and why they’re going to matter even more in the new future. Francois is the technical director of Europe for Layer 7 Technologies, and he also blogs at SYS-CON. -Michael
As the ‘old SOA’ post-mortem reality settles, many enterprise architects are turning their attention to WOA (Web Oriented Architecture) and more lightweight REST-style Web services. REST lowers the bar of complexity for exposing Web service-type APIs. What started off as a grassroots movement is now maturing fast: RESTful Web services support is growing, standards are emerging and the debates on the comparative merits of REST vs. WS-* have given place to inclusion and rapprochement.
Cloud-based deployments are especially well-suited for RESTful Web services. Enterprises already use SaaS (Software as a Service) applications, which expose their own REST-style APIs. PaaS (Platform as a Service) offerings enable enterprises to expose their own cloud-side services. These, along with on-premise deployed services, partner services and others, constitute the new distributed SOA upon which enterprises are increasingly relying.
What can the enterprise do to leverage such deployment patterns and address security concerns? The security considerations about enterprise services being exposed, whether on or off premise, are equally important for RESTful Web services as for their WS-* counterparts.
A crucial factor to enable the management of security is standards. This is especially true in the context of a distributed SOA where an ecosystem of service zones interact with each other under varying authority. A case in point: two dominant cloud-based application platforms today—AWS and Azure. Both platforms define an HMAC-based authentication scheme but both versions are home-baked and incompatible with each other. Emerging standards will be essential to ensure consistency and richer security management. The so-called Enterprise vs. OpenSource identity ‘camps’ are not mutually exclusive. Standards like OAuth and OpenID should be considered by the enterprise; their application is broader than just social media. Along the same lines, it would be useful to define a new SAML binding specification that would be tailored to RESTful Web services.
Because RESTful Web services have a strong transport-level orientation, they tend to be network infrastructure-friendly. Yet, just as for WS-* services, these RESTful Web services receive payloads and potential message-level threats such as injections and parser attacks. Network-focused types of infrastructure do not address the content-level inspection needed. Consider SOA specialized perimeter gateways that detect message-level threats, validate compliance for XML structures, implement emerging standards such as JSON Schema Validation, enable the enforcement of rules that take into consideration identity, URIs, HTTP Verbs, etc: the ability to virtualize service endpoints at the edge is an important aspect of securing and managing their use.
As standards continue to mature and infrastructure increasingly focuses on addressing RESTful Web service use cases, expect REST to increase its footprint in the enterprise landscape in the near future.
Francois Lascelles works for Layer 7 Technologies, an Enterprise SOA and Cloud infrastructure provider. As the Technical Director, Europe for Layer 7, Francois advises global corporations and governments in designing and implementing secure SOA and cloud based solutions. Francois joined Layer 7 in its first days back in 2002 and has been contributing ever since to the evolution of the SecureSpan SOA infrastructure product line. Francois is co-author of Prentice Hall’s upcoming SOA Security book.
Interested in guest blogging for the IT Watch Blog? Contact Michael Morisy at Michael@ITKnowledgeExchange.com.
Research In Motion (RIM)’s new product features two words you don’t often see together: “Enterprise” and “Express.” Along with telecoms, good enterprise relations have long been RIM’s bread and butter, with the smartphone giant preferring to deploy its phone fleet through the proper channels, but with more end users choosing, purchasing, and bringing in their smartphones to the office, RIM’s now offering a “lightweight” version of its pricey BlackBerry Enterprise Server at a surprising price point: Free.
From the official RIM announcement:
The new BlackBerry Enterprise Server Express software will be provided free of charge in order to address two key market opportunities. First, the software offers economical advantages to small and mid-sized businesses (SMBs) that desire the enterprise-grade security and manageability of BlackBerry® Enterprise Server but don’t require all of its advanced features. Second, more and more consumers are purchasing BlackBerry smartphones and the free BlackBerry Enterprise Server Express software provides a cost-effective solution that enables IT departments to meet the growing demand from employees to be able to connect their personal BlackBerry smartphones to their work email.
The offering boasts “over 35 IT controls and policies, including the ability to remotely wipe a smartphone and enforce and reset passwords,” which covers a variety of basic business needs, and which could be a great introduction to the hundreds of management and integration features that the full BES offers.
If you use GMail, or stay current on the latest tech trends, you’ve seen Google Buzz, Google’s latest foray into real-time updates and social networking. Reactions have been mixed, unsurprisingly, but one analyst who doesn’t see too much potential overall writes that the app might find a niche audience with enterprises looking to jump start internal social computing programs.
Where Buzz, I think, has the greatest appeal is in creating a social community within companies using Gmail or Google apps as their corporate messaging environment. Buzz just fired a shot across the bow of all the social computing software or service vendors targeting SMBs. If you are already paying for a corporate Gmail service, you just got a whole suite of social tools as well.
Does Buzz have potential in your enterprise, or is it just another potential productivity hazard? I want to hear your thoughts in the comments or directly at Michael@ITKnowledgeExchange.com. I’m happy to keep your name and company confidential if asked.
Here at ITKnowledgeExchange, we’ve been working furiously to bring together the best resources on what’s in store for cloud computing in 2010. It is, after all, a rather pie-in-the-sky concept and it’s impossible to even define what “cloud computing” means without stepping on someone’s toes. In fact, in a recent discussion with an analyst, I was told that cloud computing was progressing despite its image: When pared down to a specific offering (Backup-as-a-Service, for example) the cloud became much more palatable than general “software-as-a-service” offerings in opinion polls of IT buyers.
We’ll dive into why, and the who, what, where, and when, throughout the rest of February, and in the meantime take a look through this guide to cloud computing and let me know what’s helpful and what you would like to know more about.
Frequently Asked Questions about Enterprise Cloud Computing:
- What is the future of cloud computing?
- What tools does Microsoft offer for cloud computing?
- What would it take for you to jump into cloud computing?
- The best books on cloud computing
For a deeper dive, take a look at some of these excellent cloud computing book recommendations we’ve pulled together, or suggest your own:
Books on Enterprise Cloud Computing:
- Cloud Application Architectures: Building Applications and Infrastructure in the Cloud
- Cloud Computing and SOA Convergence in Your Enterprise: A Step-by-Step Guide
- Cloud Computing: Web-Based Applications That Change the Way You Work and Collaborate Online
Have another suggestion for this list? E-mail me at Michael@ITKnowledgeExchange.com or leave it in the comments.
Want to connect directly with experts? Read their blogs to hear straight from the horse’s mouth: The pioneers, chearleaders and critics of cloud computing are often just a click away, and we’ve helped to organize the best of the best.
Top Cloud Computing Bloggers:
The list is a work in progress, so leave a message in the comments if you know of a blog to add.
What else would make this guide useful to you? Let me know in the comments or e-mail me directly at Michael@ITKnowledgeExchange.com with any additions, corrections or suggestions.
Note: I’ll be coming back and updating this list throughout February (and beyond!), so if you have suggestions to add, please leave them in the comments or e-mail me at Michael@ITKnowledgeExchange.com. Thanks! -Michael
Looking for the best reading on cloud computing? Look no further: As part of our all-in-one guide on cloud computing, we’re collecting the best blogs on cloud computing, categorized to help you find the information you need. Know a great resource that’s missing? E-mail me at Michael@ITKnowledgeExchange.com.
TMForum’s Cloud Services Initiative Group