Wednesday Feb 03, 2010

Is Your Head in the Clouds? Or is it Elsewhere?

Is Your Head in the Clouds? Or is it Elsewhere?

Everybody, it seems, wants a cloud today. "Cloud Computing" has captured the imaginations of the trade press, IT managers, CTOs, and profit-hungry vendors of computing infrastructure software and hardware. But for those who claim they want cloud-like data centers, do they really know what they are asking for and what they truly need? Probably not, from what I've observed recently, and their confusion is understandable given the myriad self-serving definitions of cloud computing.

A reasonably objective definition of this supposedly new method of providing IT services can be found at NIST, the US Government's National Institute of Standards and Technology. A fully implemented "public cloud", according to NIST, includes these essential characteristics:

On-demand self-service: cloud users can unilaterally provision computing capabilities such as server time and network storage automatically without requiring human interaction with each service's provider.

Broad network access: all services are available over the network and accessed through standard mechanisms using "thin" or "thick" client devices (smart mobile phones, laptops, and desktop PCs).

Resource pooling: computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to each consumer's demand.

Rapid elasticity: services can be rapidly and automatically provisioned to quickly scale out and be rapidly released to quickly scale in.

Measured Service: resource usage can be monitored and controlled, allowing for chargeback to tenants only for the resources consumed.

Obviously, not all IT departments will shut down their data centers and host all their services on public clouds, so they express interest in building "private clouds" or in transforming existing infrastructure into cloud-like services. But are ALL the features of the NIST cloud model required for such efforts? Not if you're not implementing a multi-tenant environment, already own hardware resources that can be repurposed, and don't need to implement usage based chargeback to your internal clients.

In fact, many IT departments that claim a need for private cloud computing are mainly interested only in self-provisioning and efficient consolidation, requirements that can often be met with modern virtualization and distributed computing technologies, including grid computing and even with traditional large-scale SMP/multicore systems.

So, think before you put your head in the clouds. Identify what your technology goals and resources are, and implement only the solution components you need. Call it a "cloud" if you must, but remember that this "new" way of computing is in part just a repackaging and renaming of traditional technologies only some of which may be relevant to your policies and mission.

Thursday Nov 05, 2009

The 9th Fallacy of Distributed Computing

The 9th Fallacy of Distributed Computing

While working recently with colleagues and customers to define and architect public and private "cloud computing" systems and to explore the technical challenges of implementing such systems, I was reminded of Peter Deutsch's observation in 1994 of the Seven Fallacies of Distributed Computing along with the Eight Fallacy added in 1996 by James Gosling:

  1. The network is reliable.
  2. Latency is zero.
  3. Bandwidth is infinite.
  4. The network is secure.
  5. Topology doesn't change.
  6. There is one administrator.
  7. Transport cost is zero.
  8. The network is homogeneous.
Although others have suggested additional fallacies, I think a critical cloud computing issue clearly suggests what the ninth one should be:
  • 9. Location is irrelevant.

By suggesting this fallacy I mean the assumption that where computing happens and data resides is not an issue in today's massively connected global Internet. With sufficient connectivity and bandwidth, you might assume that outsourcing your computing services, possibly even outside your home country, is simply a matter of economics. This is clearly false. While end users of public cloud based applications may not be aware that or even care that their computation is occurring on some randomly and dynamically assigned set of virtualized servers which may change even as they use them, nor be concerned about precisely what storage devices are dynamically assigned to host their data, nevertheless these resources do indeed have physical presences which tie them to specific locations that have geographic and jurisdictional characteristics.

The overall stability and reliability of a cloud provider data center depends in part on its geographic location - its proximity to sufficient power and cooling resources, and its safety from natural and man-made disasters. That's why Google has built data centers close to power generating facilities and why Switch Communications built its huge SuperNAP center in geologically stable and meteorologically quiet Las Vegas.

But even more critical than physical location is the legal jurisdiction in which your computation occurs and where your data resides. Laws governing privacy, data ownership, intellectual property, monitoring, and auditing vary from state to state in the US and globally from one country to another. And pinning down the exact location of a global distributed IT service is difficult. In the event of legal disputes over liability or disclosure issues, where will cases be tried? Many such jurisdictional questions remain unanswered, and some countries are reacting with understandable caution about sharing global computing resources. Canada, for example, has prohibited the use of US data centers for certain government projects due to concerns about the provisions of the US Patriot Act, and India is considering legislation requiring IT business services to originate within the country.

So, if you haven't already frightened yourself examining the myriad cloud security issues, google for "cloud computing" with "jurisdiction" for some additional reading material. You'll find that, as with real estate, location is anything but irrelevant.

Some references:

Cloud Computing Brings New Legal Challenges
The Determination of Jurisdiction in Grid and Cloud Service Level Agreements
Legal Implications of Cloud Computing
The Boundaries of Cloud Computing: World, Nation or Jurisdiction?




« April 2014