Wednesday Jun 06, 2012

Clouds Aroud the World

At the NIST Cloud Computing Workshop this week; representatives from Canada, China, and Japan presented on their cloud computing efforts. Some interesting points made:

Canada: Building "Service Canada" cloud for all citizen services, but raised the issue of data data must be within Canada border, so they will not focus on public clouds where they don't know or can't control data location.

Japan: In response to the massive destruction of the Great East Japan Earthquake, Japan is building nation-wide cloud services to support disaster relief, data recovery, and support for rebuilding new communities.

US Ambassador Philip Verveer discussed the need for international cooperation and standards development to enable interoperability of cloud services, keeping in mind cultural and political differences. Additionally, an industry panel reported on cloud standards development, including some actual interoperability testing at Much of the first two days of the workshop covered progress and action plans around the 10 High-Priority Requirements to Further USG Agency Cloud Computing Adoption.

Thursday's sessions will cover the work of the various NIST Cloud Computing Working Groups on

  • Reference Architecture and Taxonomy
  • Standards Acceleration to Jumpstart the Adoption of Cloud Computing (SAJACC)
  • Cloud Security
  • Standards Roadmap
  • Business Use Cases

(see Working Groups of NIST Cloud Computing )

Tuesday Nov 15, 2011

What's a "Cloud Operating System"?

What's a "Cloud Operating System"?

Oracle's recently introduced Solaris 11 has been touted as "The First Cloud OS". Interesting claim, but what exactly does it mean? To answer that, we need to recall what characteristics define a cloud and then see how Solaris 11's capabilities map to those characteristics.

By now, most cloud computing professionals have at least heard of, if not adopted, the National Institute of Standards and Technology (NIST) Definition of Cloud Computing, including its vocabulary and conceptual architecture. NIST says that cloud computing includes these five characteristics:

  1. On-demand self-service
  2. Broad network access
  3. Resource pooling
  4. Rapid elasticity
  5. Measured service
How does Solaris 11 support these capabilities? Well, one of the key enabling technologies for cloud computing is virtualization, and Solaris 11 along with Oracle's SPARC and x86 hardware offerings provides the full range of virtualization technologies including dynamic hardware domains, hypervisors for both x86 and SPARC systems, and efficient non-hypervisor workload virtualization with containers. This provides the elasticity needed for cloud systems by supporting on-demand creation and resizing of application environments; it supports the safe partitioning of cloud systems into multi-tenant infrastructures, adding resources as needed and deprovisioning computing resources when no longer needed, allowing for pay-only-for-usage chargeback models.

For cloud computing developers, add to that the next generation of Java, and you've got the NIST requirements covered. The results, or one of them anyway, are services like the new Oracle Public Cloud. And Solaris is the ideal platform for running your Java applications.

So, if you want to develop for cloud computing, for IaaS, PaaS, or SaaS, start with an operating system designed to support cloud's key requirements…start with Solaris 11.

Friday Nov 04, 2011

The NIST Cloud Computing Forum & Workshops IV (Nov 2-4, 2011)

The new US CIO, Steve Van Roekel, along with senior researchers at NIST, hosted the fourth Cloud Computing Forum and Workshops this week ( ). One highlight was the release of the Draft Cloud Technology Roadmap with a call for public comments. See the Web site for the agenda and downloadable documents and presentations.

There were international participants at the event, with much friendly discussion of "openness", "interoperability", and an idealistic "One Cloud" vision of a "Cloud Without Borders". A very hopeful perspective, but perhaps a bit overly optimistic one given the current political state of the world and various governments' control of Internet access and resources.

One issue that concerns me in all this rush to cloud computing is the question of where the expertise will come from to design, build, and manage massive cloud infrastructures? Concepts such as parallel programming, scalability, virtualization, and cache management need to be integrated into CS curricula from the start, maybe even starting in high school but certainly at the undergraduate level. I don't yet see sufficient emphasis on those areas in the CS courses and textbooks offered by many universities. Without a continuous stream of knowledgeable graduates, the lack of cloud computing experience and expertise will slow the adoption of this transformative technology.

Security and trust in the cloud remain primary concerns; the NIST Cloud Computing Security Working Group has released a draft publication outlining 17 key requirement areas for cloud security ( ). Yet in spite of the current lack of mature security solutions and interoperability/development standards, it was still recommended that agencies start their cloud deployments with the expectation that expertise will evolve through experimentation, trial, and (inevitably) error.

Monday Aug 08, 2011

Oh, the irony! Cloud-to-Cloud Lightning!

Yesterday, in a case of extreme irony, real clouds struck back at human clouds when lightning hit a power transformer at the Amazon Elastic Cloud service in Ireland. "Full service recovery may take 24-48 hours", they said. This outage follows by a few months another significant EC2 disruption caused by a configuration update; not that these unfortunate episodes are unique to Amazon. But they do point to the serious cloud computing issue of putting so many eggs in one cloud basket...what are the availability, recovery, and liability requirements for users of large, multitenant cloud services? Clearly we still have a long way to go in this inevitable move to cloud computing. And such incidents imply that at least for now, cloud users may need to implement alternative availability and recovery technologies in order to mitigate the effects of cloud outages.

Wednesday Jun 22, 2011

New Cloud Security Book: Securing the Cloud by Vic Winkler

It's rare that I read a technical book straight through; I usually read key chapters and save the rest for later reference. But Winkler's book, written by an accomplished and highly experienced security professional, was worth a complete read, cover to cover. Of the recently published cloud security books, such as...
  • Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance, by Tim Mather, Subra Kumaraswamy, and Shahed Latif; O'Reilly Media Inc, 2009;
  • Cloud Computing: Implementation, Management, and Security, by John Rittenhouse and James Ransome; CRC Press 2010;
  • Cloud Security: A Comprehensive Guide to Secure Cloud Computing, by Ronald Krutz and Russell Vines; Wiley Publishing Inc, 2010
...Securing the Cloud is the most useful and informative about all aspects of cloud security. Clearly, through his experience, the author has thought through many practical issues of securing large, virtualized IT installations. His Chapter 6 on Best Practices and Chapter 9 with its valuable checklists are worth the price of the book. If you are among the many new cloud computing professionals, Securing the Cloud is an essential reference for your work.

Monday Jun 13, 2011

The Cloud = Skynet?

The Cloud = Skynet?

Humans tend to attribute magical properties to things they don't understand. Throughout history, this tendency has often resulted in fear of technology, admittedly sometimes justified. Hollywood movies have exploited this fear for decades, creating frightening tales of radiation-induced monsters and maniacal computers. Googling for "Cloud Computing" with "Skynet" yields more than half a million hits, including lengthy discussions of the supposed dangers of computers, the Internet, robots, Google, and the imagined future of cloud computing.

Computing industry luminaries have addressed peoples' unease with rapidly advancing technology, sometimes with a cautionary, warning approach such as Bill Joy's widely read Wired article in April 2000, Why the future doesn't need us, and sometimes positive and optimistic like Ray Kurzweil's The Singularity is Near. I think each of these represent the extremes in thinking about the risks and benefits of technologies such as cloud computing.

The popular assumption often made about the evolution of machine intelligence is that we will create a form of computer consciousness vastly superior in every way to that of humans. But even after decades of research in cognitive science, AI, and brain modeling at such leading centers as the the Krasnow Institute, and the Santa Fe Institute, scientists are a very long way from creating even the simplest simulations of anything we could reasonably call consciousness in large, complex, massively-connected systems [1]. And when they do, very likely they will produce the mental equivalent of a child, and will then have to deal with the issues of how conscious minds learn and grow, how they form opinions, beliefs, and biases, and how they make mistakes, to say nothing of how they self-maintain and self-repair, none of which we yet fully understand. Quite likely, we will not only create a very primitive kind of artificial consciousness, but along with it will come artificial stupidity, credulity, and other imperfections of the human mind.

So, no, the Cloud is not and is very unlikely to ever become Skynet. Nevertheless, I will continue to watch Hollywood's entertaining attempts to excite us with aliens, monsters, and crazy computers, and I will enjoy the dazzling special effects that modern computing enables. If I have any concerns at all, it's with our demonstrated inability to create absolutely reliable systems coupled with our increasing reliance on the Internet and the Cloud. Our complex, technology-dependent society has much more to fear from accidental and intentional connectivity failures and security issues than from any chance that the Cloud will become "self-aware".

[1] And no, IBM's Deep Blue chess-player and Watson Jeopardy-player hardly count as near-conscious entities; they are merely impressively fast and are very good at highly specific tasks like games and analyzing natural language.

Sunday May 15, 2011

Java Gets Cloudy

Most of the books I've seen so far about cloud computing are full of advice, "shoulds" and "shouldn'ts" about cloud concepts and architecture, security recommendations, and policy compliance, but are not much in the "how" department. Of course, there are multiple perspectives from which to view the cloud -- end user, IaaS or PaaS provider, services broker, and, of course, developers. So, how do you actually build "cloud applications"? And what programming languages and APIs should developers use to build them? Well, there are some answers available.

Recently published is Code in the Cloud: Programming the Google App Engine, by Mark C. Chu-Carroll of Google. He starts his book with cloud programming examples written in Python, but then jumps to Java and the Google Web Toolkit, a very useful set of Java class libraries and widgets that generate fast JavaScript-based Web applications.

But that's not all; JCP, the caretakers of the Java technical standards, recently approved the Java EE 7 Platform Java Specification Request which will enable Java EE applications to support the multi-tenant and elastic features required for cloud computing solutions. Oracle's developers and customers, along with those of IBM, Red Hat, and even SAP, are pleased to see the continuing evolution and support of Java technology into "the Cloud".

Hmmm..."Write Once, Run in the Cloud" has a nice ring to it, don't you think?

Wednesday Mar 16, 2011

The Cloud is STILL too slow!

[Read More]

Saturday Feb 12, 2011

Cloud Computing in words of one syllable

[Read More]

Monday Nov 15, 2010

Solaris 11 Express

[Read More]

Monday Sep 20, 2010

Oracle OpenWorld: Cloudy with a 100% Chance of Sun

[Read More]

The purpose of this blog is to highlight and to explore general issues around "Cloud Computing" -- its benefits, risks, and component technologies -- and how they are evolving. I'll also periodically comment (of course!) on Oracle's Cloud Computing capabilities, resources, and cloud-related events. -- Harry J Foxwell, PhD, Principal Consultant for Cloud Computing, Oracle Public Sector HW


« March 2015