Cloud Source Blog
In this HP Cloud Source Blog, HP expert Christian Verstraete will examine cloud computing challenges, discuss practical approaches to cloud computing and suggest realistic solutions.

About Public Cloud and Budget Airlines

Over the years I have taken many family photos, on our trips and on numerous other occasions. As I switched to digital as early as 1999 and scanned many old photographs, I now have around 350GB of photos on my systems. Like many, I have multiple copies on separate drives, and a number of them have been burned to DVDs. But you know, I don’t want to lose the family history. So, I finally decided to keep an extra copy in the cloud. I should have done that a long time ago. But you know how these things go.

 

So, after reading many articles about how to archive photos, I chose a cloud provider that seemed to have a good and reasonably priced offer. I tested the offer out with the free trial and it worked fine. So, I subscribed to a two-year plan with unlimited storage. It took a couple of hours for my account to be set up, and then my trouble started. Indeed, my personal archive is not maintained on my PC’s internal drive, but on a USB-attached one, and as a matter of fact, a pretty large one (2TB). Well, to copy files from an attached drive, the two-year plan I had subscribed to was not enough. I needed to pay an additional sum of money, and as my disk was rather large, it would have more than doubled my costs. Was this described on their portal? Actually, no. To make a long story short, after many attempts to explain my point of view to them, I asked for a refund, which was extremely difficult to get and is still in process. And now I’m back to square one.

 

This reminded me of a trip I bought a number of years ago for my daughter with a well-known European budget airline. The advertised price for the trip was 1 euro; I ended up paying close to 75. Why? Dossier costs, taxes, extra costs for paying with a credit card when you cannot pay with anything else, etc.

 

Prices in public clouds are typically very opaque. Yes, you can get a server for 3 cents per hour, but in the end that is not what you pay, because you need an IP address, disk space, you will have inbound and outbound traffic, and I could go on like that.

 

An article titled “Moore’s law gives way to Bezos law” compares the pace of price reduction for traditional infrastructure and for cloud, and the difference in speed is to the detriment of cloud.

But what is probably most unsettling are the hidden costs of cloud computing. Here I’m not speaking about these additional costs that are charged by the supplier, but costs you have to take into account to compare apples and apples. What I’m talking about is:

  • Integration across multiple providers and domains
  • End-to-end security
  • Integrated management

Integration across multiple providers and domains

You know your application ecosystem in a traditional IT environment. You know where they are, how they interact with their data sources. If you have architected your applications well, you have no need for duplicated information and synchronization. Using an enterprise application integration layer you have integrated your applications in your datacenter.

 

And now you move to the cloud. You consume a couple of SaaS services, you have a series of applications in the public cloud, maybe some others in a managed cloud. You may also have a private cloud in your datacenter, and obviously you still have legacy applications in the traditional environment.

 

Integration between those applications becomes much more complex. You will have to learn new environments, particularly if you consume SaaS services. Think about the integration between your Salesforce CRM environment and your SAP-based order entry. How will you integrate those? What tools will you use? A SaaS environment forces local storage of data. But what happens if that data is also needed by another application? Well, you have two options: either you access the SaaS data from that other application and retain a single copy, or you set up a copy of the data located with the application and make sure the two are kept in sync. Sure, this can be done, but it requires some thorough thinking.

 

Indeed, you will have to ensure the integration is established across the firewalls, you may have to adapt your applications so the response latency is acceptable, and then you’ll have to make sure the ACID criteria (Atomicity, Consistency, Isolation, Durability) are met for your integration. You can argue that this is needed in your traditional environment too, but it’s much easier there, as you have most of the variables under control. In the cloud you don’t. The latency offered by your provider may not be stable, but still you want to ensure the transaction gets through once and only once, or maybe you don’t… Depending on this, you may have to harden your applications so they can cope with those environments.

 

What level of access do you need between your applications and with data? Are the firewall configurations of your providers allowing you to integrate the way you used to? Do they allow you to use the same middleware, or do they offer you a very specific middleware approach you have to align with? This will force you once more to go through your applications and transform them so they can work with the new middleware. So, as you see, just migrating things to the cloud may be rather complex and force you to do extra work, which obviously has a cost.

 

End-to-end security

In a traditional environment when you look at security, you think about the perimeter. You have the intranet that you control and then the extranet, whose access you limit. That allows you to keep things under control. But now, in a hybrid world, there is no way you can do that. You do not manage the perimeter anymore because part of the perimeter is the responsibility of your service providers.

 

You have to build a secure environment that is dispersed over multiple locations without full control or even visibility over the security protections in each location. That will require thorough thinking on the one hand, and probably a re-architecting of some of the interactions between software modules. You may want to use secure connections, to use public/private keys to access functionalities so you ensure only you can access the modules, to encrypt data transfers, etc. Building the end-to-end security requires a serious analysis of the information flows between the applications and of how they can best be protected. It needs a holistic approach. Where can threats come from? How can they be stopped? How can valuable information be protected? What you really need to perform is a comprehensive application threat analysis. You may also want to collect events that happen within and around your applications and correlate those to ensure no strange things are taking place. But again, this requires extra investments to ensure you maintain the same level of security you had in your environment. And remember, you don’t really know the details of the security processes and procedures in place with each of your service providers. In public cloud you typically do not have that visibility. So, to feel safe you may overdo it, just because you do not have the transparency you might want to expect.

 

Integrated Management

Each of the service providers you use has a management dashboard that will tell you how well your application(s) run. But obviously that only looks at the applications within their platform. You don’t want to have to look at multiple, often different, dashboards. What you want is to continue to see your whole environment as you did in your traditional world. So you will need to extract the information normally provided in each of the dashboards, collect it and integrate it with your existing management software. But you will also need to collect information on the integration points, where you are in between services. These are the vulnerable places in your topology, so you will have to take special care of them. But at the same time, these are the places where you have the least tooling available. Again, it will take time and effort to regain the functionality you used to have.

 

Conclusion

Like budget airlines, public cloud may seem easy and cheap, but many features and functions that came with the environment or that were implemented easily, now require thorough thinking and instrumenting. These are hidden costs you need to take into account, and when you do that, frankly, what seemed cheap at first may look less so now. Don’t forget to compare apples and apples when making a choice. And ultimately make the best choice for what you need, but don’t compromise integration, security and management.

About the Author
Christian is responsible for building services focused on advising clients in their move to cloud, particularly from a business process and ...

