The Argument Against the Dumb Cloud
Jim Starkey
- If cloud providers enjoy economy of scale, they can set pricing that covers their costs, gives them a profit, and is still competitive with small to medium scale data centers.
- The nature of business that promises on-demand resource to all comers must keep a reserve capacity fallow. It has no alternative but to roll the capital cost of idle resources into their pricing. In other words, a cloud provider promising capacity on demand must charge existing customers resources installed but not billable to not-yet-customers.
- It's worse than that, because the fixed cost of a new data center
must be borne initially by few servers than target capacity. Real
estate, power, and cooling are upfront costs that have to be paid.Â
Servers can be installed incrementally; power handling, cooling, and
square footage must be installed in large hunks.
- An expanding cloud provider is likely to have a cost per server greater than a smaller facility running at a significant fraction of capacity.
- A significant economy scale allows a cloud provide to absorb there costs and remain competitive.
- If there isn't a major economy of scale, the cloud provider must charge a large premium.
The Dumb Cloud is expensive now, and is likely to remain so. Unused capacity and infrastructure must be funded by either economy of scale, premium pricing, or both.
This is why I think the Dumb Cloud is, well, dumb.
This is not to dismiss cloud computing. Cloud computing based on value added makes all the sense in the world. Amortizing development bucks over a large customer base is what made Microsoft, and will make the cloud. But the cloud provider has to add value to computing, not just sell hosted VMs.  A non-stop, arbitrarily scalable platform is valuable and will easily justify a premium over hardware costs. Data storage guaranteed available is worth significantly more than the 1TB drives from Best Buy. On the other hand, making a business by selling a commodity cheaper is next to pointless.
So, ladies and gentlemen, let's stop wasting our time talking about pricing, capex, and opex. Instead, let's talk about value and what the cloud can do that other platforms can't.
-- Jim Starkey President, NimbusDB, Inc. 978 526-1376
Dan Kearns
For sometime, I've been challenging the claims of economy of scale. Most consider this a secondary issue, barely worth considering. Let me explain why economy of scale is critical to the survival of the Dumb Cloud (e.g. EC2). Here is the argument:
- If cloud providers enjoy economy of scale, they can set pricing that covers their costs, gives them a profit, and is still competitive with small to medium scale data centers.
- The nature of business that promises on-demand resource to all comers must keep a reserve capacity fallow. It has no alternative but to roll the capital cost of idle resources into their pricing. In other words, a cloud provider promising capacity on demand must charge existing customers resources installed but not billable to not-yet-customers.
- It's worse than that, because the fixed cost of a new data center must be borne initially by few servers than target capacity. Real estate, power, and cooling are upfront costs that have to be paid. Servers can be installed incrementally; power handling, cooling, and square footage must be installed in large hunks.
- An expanding cloud provider is likely to have a cost per server greater than a smaller facility running at a significant fraction of capacity.
- A significant economy scale allows a cloud provide to absorb there costs and remain competitive.
- If there isn't a major economy of scale, the cloud provider must charge a large premium.
- Doesn't any other approach also require capital expenditure, and at a higher relative cost?
- Wouldn't smaller installations' access to capital be more expensive?
- What's the relation between the capital costs and the economies of operational cost?
- Over what time frame are you assuming the capital costs are inserted into the pricing?
- Do you include the ongoing costs of commissioning hardware?
- How much extra capacity are you imagining is necessary to be "practically infinite"?
- Wouldn't you expect demand-response style pricing to appear at some point?
-d
Jim Starkey
>
>
> On Wed, Mar 18, 2009 at 8:04 AM, Jim Starkey <jsta...@nimbusdb.com
> <mailto:jsta...@nimbusdb.com>> wrote:
>
> For sometime, I've been challenging the claims of economy of
> scale. Most consider this a secondary issue, barely worth
> considering. Let me explain why economy of scale is critical to
> the survival of the Dumb Cloud (e.g. EC2). Here is the argument:
>
> pricing that covers their costs, gives them a profit, and is
> still competitive with small to medium scale data centers.
> all comers must keep a reserve capacity fallow. It has no
> alternative but to roll the capital cost of idle resources
> into their pricing. In other words, a cloud provider
> promising capacity on demand must charge existing customers
> resources installed but not billable to not-yet-customers.
> center must be borne initially by few servers than target
> capacity. Real estate, power, and cooling are upfront costs
> that have to be paid. Servers can be installed
> incrementally; power handling, cooling, and square footage
> must be installed in large hunks.
> server greater than a smaller facility running at a
> significant fraction of capacity.
> there costs and remain competitive.
> must charge a large premium.
>
> You have an implicit unsupported quantitative assumption on the
> relationship between the capital costs, operational costs, and pricing
> here. So without the numbers your argument is not possible to evaluate.
>
> at a higher relative cost?
> * What's the relation between the capital costs and the economies
> of operational cost?
> * Over what time frame are you assuming the capital costs are
> inserted into the pricing?
> * Do you include the ongoing costs of commissioning hardware?
> * How much extra capacity are you imagining is necessary to be
> "practically infinite"?
> * Wouldn't you expect demand-response style pricing to appear at
> some point?
>
> Incidentally, EC2 does not promise on-demand resource to all comers.
> If you want more than N nodes, you still have to talk to a person
> (where N changes over time).
>
General rule of thumb in the technology world: If you need an MBA to
tell you that you're going to make money, you're gone to loose money.
This industry is chock full of expenses surprises. If margins are so
thin that you need Black-Sholes to find them, you either have a problem
or will have one soon.
The cost argument are bogus as hell, as I think everyone recognizes. To
make money, a company has to have strong margins that come from value
added and differentiation, not electricity rate arbitrage.
Debashish Sarkar
technologies, and thus earn our livelihood.
Wake up... we are in a recession... we need to be able to leverage our
innovations and avoid getting beaten down by cheap labor from elsewhere in
the world.
A growing number of businesses are focussing on virtualization - not just
because some one developed a cool technology - but because it provides an
ROI. Yes virtualization is cool AND it provides an advantageous ROI.
Debashish Sarkar
Strategic IT Advisor
--------------------------------------------------
From: "Jim Starkey" <jsta...@nimbusdb.com>
Sent: Wednesday, March 18, 2009 10:49 AM
To: <cloud-c...@googlegroups.com>
Subject: [ Cloud Computing ] Re: The Argument Against the Dumb Cloud
Jim Starkey
> Economy of scale is the only way we can justify use of innovative
> technologies, and thus earn our livelihood.
>
> Wake up... we are in a recession... we need to be able to leverage our
> innovations and avoid getting beaten down by cheap labor from elsewhere in
> the world.
>
> A growing number of businesses are focussing on virtualization - not just
> because some one developed a cool technology - but because it provides an
> ROI. Yes virtualization is cool AND it provides an advantageous ROI.
>
>
Good point, but you have it backwards. EC2 is much more expensive than
owning and operating a server, even if the server is amortized over a
single year. Or less.
Chris Marino
1. I don't like the term 'Dumb Cloud'. It implies little or no value. Jim, you yourself argue that the Dumb Cloud will be premium priced because 'A non-stop, arbitrarily scalable platform is valuable and will easily justify a premium over hardware costs.' Non-stop, arbitrarily scalble doesn't sound so dumb to me.
2. I don't believe that you're really going to need a lot of extra capacity to promise 'on-demand resource to all comers'. What's the marginal cost of running another vm instance of on existing hardware? Pretty close to zero, even at modest scale. As Randy Bias (CTO GoGrid) describes in his recent blog post: The cloud is multi-tenant. If you don't offer an SLA you can run with significantly lower spare capacity. I think this changes the ecomomics of this kind of cloud. [I don't think the cloud *has* to be multi-tenant, but that's a different topic].
3. As I've argued on a previous thread, I think this kind of cloud is going to become indistingusable from Managed Hosting and the elasticity premium is going to erode.
CM
Jim Starkey
> My thoughts on this, in no particular order...
>
> 1. I don't like the term 'Dumb Cloud'. It implies little or no value.
> Jim, you yourself argue that the Dumb Cloud will be premium priced
> because 'A non-stop, arbitrarily scalable platform is valuable and
> will easily justify a premium over hardware costs.' Non-stop,
> arbitrarily scalble doesn't sound so dumb to me.
no added value. A scalable application platform is *not* a dumb cloud.
Neither is S3.
Technologies -- databases, services, application platforms, and others
-- are evolving that scale beyond the limitations of single machines.
That is where we need to go.
> 2. I don't believe that you're really going to need a lot of extra
> capacity to promise 'on-demand resource to all comers'. What's the
> marginal cost of running another vm instance of on existing hardware?
> Pretty close to zero, even at modest scale. As Randy Bias (CTO
> GoGrid) describes in his recent blog post
> significantly lower spare capacity. I think this changes the
> ecomomics of this kind of cloud. [I don't think the cloud *has* to be
> multi-tenant, but that's a different topic].
widely believed, for example, that Amazon promises the capabilities
suggested by their instance types, and capacity is there for the
asking. But, yes, they are within their rights to fire up another VM on
an overloaded server and stay within their SLA.
To actually deliver elasticity they require reserve capacity, reserve
capacity is expensive, somebody has to pay for it, and the existing
customers are the only checkbooks on the block.
>
> 3. As I've argued on a previous thread, I think this kind of cloud is
> going to become indistingusable from Managed Hosting and the
> elasticity premium is going to erode.
business model.
>
> CM
>
> On Wed, Mar 18, 2009 at 8:52 AM, Dan Kearns <dan.k...@gmail.com
> <mailto:dan.k...@gmail.com>> wrote:
>
>
>
> On Wed, Mar 18, 2009 at 8:04 AM, Jim Starkey
> <jsta...@nimbusdb.com <mailto:jsta...@nimbusdb.com>> wrote:
>
> For sometime, I've been challenging the claims of economy of
> scale. Most consider this a secondary issue, barely worth
> considering. Let me explain why economy of scale is critical
> to the survival of the Dumb Cloud (e.g. EC2). Here is the
> argument:
>
> and is still competitive with small to medium scale data
> centers.
> has no alternative but to roll the capital cost of idle
> resources into their pricing. In other words, a cloud
> provider promising capacity on demand must charge
> existing customers resources installed but not billable
> to not-yet-customers.
> target capacity. Real estate, power, and cooling are
> upfront costs that have to be paid. Servers can be
> installed incrementally; power handling, cooling, and
> square footage must be installed in large hunks.
> significant fraction of capacity.
>
> You have an implicit unsupported quantitative assumption on the
> relationship between the capital costs, operational costs, and
> pricing here. So without the numbers your argument is not possible
> to evaluate.
>
> expensive?
> * What's the relation between the capital costs and the
> economies of operational cost?
> * Over what time frame are you assuming the capital costs are
> inserted into the pricing?
> * Do you include the ongoing costs of commissioning hardware?
> * How much extra capacity are you imagining is necessary to be
> "practically infinite"?
> * Wouldn't you expect demand-response style pricing to appear
>
> Incidentally, EC2 does not promise on-demand resource to all
> comers. If you want more than N nodes, you still have to talk to a
> person (where N changes over time).
>
> -d
>
>
>
>
>
> >
Rao Dronamraju
I am not sure if this has been discussed before in this group as I am a
relatively new member.
I was wondering if there is a list of top 10 impediments to Cloud adoption.
I would think based on my research, DATA security, privacy and trust seem to
be the top concerns before anyone especially CXOs of an enterprise or even
SMB folks would let their data centers be migrated to Clouds Service
Providers even if the CSPs are big wigs like HP and IBM, who might be in a
position to sign highly reliable SLAs and throw their reputation on line for
the business.
I was wondering if Cloud adoption would happen in phases in such a way that
the DATA might still remain with the company that outsources its IT
PROCESSING. So basically, the web tier, application/middle tiers would be
the first candidates to be migrated and still keeping the DATAbases or just
the STORAGE on which databases reside, at the premises in the early phases
and the data tier in later phases. This way the company would still retain
atleast TRUST, SECURITY and PRIVACY to a large extent within their CONTROL.
If this is one scenario, then would there be enough bandwidth on the WANs to
accommodate the backend traffic on the WANs or the web/internet, as this
traffic today is generally within the data center SAN/NAS infrastructure.
This brings up another question, what about the non-database content,
websites and other content, which might reside today in the tier 1 and/or
tier 2, where will it reside in this scenario?..
Is this content as high in priority in terms of security, privacy and trust
as the database content?...probably depends on the customer?.
Thanks
Rao
Randall Minter
But if you want 10, here you go:
0) It's all hype, so it'll cost way more next year.
1) My data could disappear and I have no recourse
2) My data is hacked and competitors will get my secrets
3) My data is locked up and I want to leave but can't
4) My site popularity explodes and I can't afford the scalability
5) Cloud sales/marketing is confusing, because no one knows what they are talking about
6) It's too good to be true, so it probably is
7) Downtime is real, what do I do when I can't get to my stuff
8) Who do I yell at when something breaks
9) Consumers' lack of control of the underlying bits and pieces
10) You're all stupid, this is just a grid, been around for decades!
11) What happens if the network fails
12) I want to run it behind my firewall
13) There are no standards, so obviously you're making this up as you go!
14) You're a startup, what if you go out of business!?
15) If 1 person can do the work of 10, I'll have to fire people, so I'll have less power.
16) How do I wade through the vaporware?
17) I can't find anyone to pay to make this work for me
18) I don't want to learn something new
19) It can't do this one tiny thing, so forget all the benefits too!
20) The United States government is going to snoop through my belongings
Ok, that's more than 10, but sums it up pretty well. Some are a bit repetitive I know. The question is, how to respond to these complaints and get your stuff sold. Here's what I say:
0) It's all hype, so it'll cost way more next year.
We've been eating our own dogfood for years. It's faster, cheaper, and higher quality. Amazon has been reducing prices over time. Some costs may increase, but if this is the case, you got 1 year for cheap! :D Look to the smugmug case study for an example of how much money can be saved in the cloud.
1) My data could disappear and I have no recourse
Most clouds are backed up to multiple locations on a daily basis. You can implement programmatic backups more often than that if your application needs it. Don't pay for a service that won't let you get your data out quickly and easily.
2) My data is hacked and competitors will get my secrets
Any computer connected to the internet is hackable. Anyone who tells you otherwise is lying -- run from them. All I can say is that if your data can be hacked, our data can be hacked. We take the the utmost of care to prevent it, but it's impossible to prevent it. Lock it down as tightly as possible. Test regularly. Take all known precautions. Wade into the cloud. Pay a hacker squad to find bugs and entry points. I believe not all data belongs in the cloud. I work for a Platform as a Service provider and we keep some of our data behind our firewall. Anyone who tells you moving to the cloud is an all or nothing should be ignored entirely.
3) My data is locked up and I want to leave but can't
Anything that abstracts a lower level process into a higher level process affords the end user a level of convenience that may not be had somewhere else. This fear is unavoidable, but no different than data behind a PHP app or a .NET app or a Java App. If those languages disappear you have to rewrite them. This has been happening for decades and will continue to happen. Try to pick a standards based provider so the transition is as easy as possible. Don't pay vendors with intentional lock-in. Let them go extinct.
4) My site popularity explodes and I can't afford the scalability
Monitor your site. Put traffic governors in place to avoid this. Don't scale automatically. Really though, this is a good problem if your site makes money for you. If your website isn't making you more money than it costs to run, chalk it up as advertising and bill it to another department or change your business model.
5) Cloud sales/marketing is confusing, because no one knows what they are talking about
The cloud is the cutting edge of the bleeding edge. The questions being answered now have never been asked before. Sales and Marketing are generally the least technical among the teams. Journalists are confused. Everyone is confused. Lots of companies are doing a real disservice to other companies by confusing potential customers with jargon and nonsense. It hurts us all. If the company spends more money on marketing than technology, look somewhere else.
6) It's too good to be true, so it probably is
It's true. It's a paradigm shift. It really is cheaper and better and faster. There are lots of case studies out there, but no one is talking because no one wants their competitors to know how to do it cheaper.
7) Downtime is real, what do I do when I can't get to my stuff
Reflect on all the productivity gains when it wasn't down. Pause for a second. Most likely, service will resume. I know it's quite frustrating when you can't get to your applications, but try to remember that you're saving tons of money and able to expand the horizon of possibility tremendously because you are using the cloud at all.
8) Who do I yell at when something breaks
Who do you yell at when your computer crashes or your hard drive crashes? The first step is to figure out what broke. Then, as politely as possible, call someone at the location of failure and let them know. Odds are, they're already on it. If they eat their own dog food, their systems are down too and you can bet they are working diligently to rectify the situation. It's almost certain that you are not the only one impacted by a cloud failure at any level.
9) Consumers' lack of control of the underlying bits and pieces
This is true, but imagine if you were still feeding punch cards into big honking machines clanking away. The ability to forget about the underlying bits is a blessing, not a curse. This is what you want, it's called progress.
10) You're all stupid, this is just a grid, been around for decades!
Well, sort of. Grid computing is a bit different than the cloud. What we are doing here is giving you access to grid style scalable computing in exchange for a credit card number. I'm not sure you could get access to a grid for that, but yeah, it's similar to a grid.
11) What happens if the network fails
Some platform providers allow you to work offline and synchronize when the app comes back. This is really the same as #7 above. Sometimes the cloud is unavailable. Some clouds and platforms can be run behind your firewall so network risk is reduced, but even within your corporate network, sometimes things go wrong. I was raised in rural America and our power went out all the time. Sometimes for hours and days. It's amazing how dependent we have become on things like this and how violent we can feel when we access stuff. Anger management courses may help.
12) I want to run it behind my firewall
Okay, this is possible with a variety of cloud infrastructure and software. Lots of people want you to believe it's not a cloud if you aren't paying someone else to manage it, but I don't really care too much about semantics. What I care about is this: It's cheaper, it's better, and it's higher quality. That's true of the paradigm, regardless of location and who manages it. If you have lots of idle servers, cloudify them -- please.
13) There are no standards, so obviously you're making this up as you go!
Innovation happens before the standards. Early adopters do endure a bit of risk here. What we all hope through this is that standards evolve and it's easy to adapt our existing systems to them. Standards slow us down in the beginning, but we'll work it out eventually. This has been the trend in computing for many decades now and I don't believe it will change. Try to pick a platform that strives to adhere to existing standards. There are some.
14) You're a startup, what if you go out of business!?
This is a risk with any new technology. Coghead went out of business for example -- shame on SAP! SAP's greed has tarnished all of our reputations. Look to companies with vision. Look for conflicts of interest. Look for startups who eat their own dog food.
15) If 1 person can do the work of 10, I'll have to fire people and I don't want to do that.
I'd argue that you could keep those people and make them more productive with the cloud. Redirect their talents and train them to use the new technology. The goal of automation is to make lives better. The best and the brightest among your organization will adapt and grow and be better employees because of the cloud. Your organization will be leaner and meaner. This is what you want. Give your employees the chance to step up and accept this new vision. Take a portion of the money you save and spend it on training and betterment of your organization. There is still a lot of work to do, even after all the automation.
16) How do I wade through the vaporware?
This is a personal pain point of mine. There are a lot of vendors out there saying they can do things they just can't do. Look for free trials, test out the service, call someone and talk to them. Get a webinar. Ask for references. If you can't get someone on the phone to talk to, be wary. Some signs to look for in vaporware are a lack of demos on the website. The requirement to enter contact information before seeing anything. This is a text book market for lemons and it's difficult for consumers. Lots of organizations are capitalizing on potential customers' confusion. If you feel pressured or hard sold, go somewhere else, take your time. Look for reviews and talk to people about their experiences. Same as any new market really.
17) I can't find anyone to pay to make this work for me
Yes, this is a hardship right now. There is a dearth of talent, but the talent pool is growing. Be patient. Look under rocks. Spend a bit of money on training. There's a high likelihood that it'll pay for itself in the short run and long run.
18) I don't want to learn something new
The cloud probably isn't for you. This is the nature of technology and evolution. It's the curse of progress. If you don't want to learn something new, someone will eat your lunch. Otherwise, you're going to have to pay someone to learn it for you. In most cases, the new thing you'll have to learn is probably easier than what you had to learn the last time to get where you are now, but yeah, it's a hamster wheel. That's why IT people cost so much money. It's hard to keep learning constantly.
19) It can't do this one tiny thing, so forget it!
I encourage customers to evaluate systems based on what they can do, rather than what they can't do. A hammer can't drive a screw very well, but it can drive a nail. Look for the nails. Sometimes the cloud is not the right tool for the job. A VPS or a managed server may be better for you. Sometimes the one tiny thing is a deal breaker. Sometimes it's an excuse to say no. Is there
a work around? Is it actually better that you can't do that thing? It very well could be.
20) The United States government is going to snoop through my belongings
This is a real concern for many. Laws and regulations differ by country. Borders are one of my personal pet peeves. I think they are pretty ridiculous on many levels, but alas, we must endure irrational decisions from politicians guided more by fear and greed than reality. My suggestion would be to look for a cloud or platform provider who can host your data in another country that has laws more suitable to your needs. Unfortunately, the laws in the United States are negatively impacting the adoption of innovative products in the cloud space.
- Randall
CTO, Qrimp.com
http://www.qrimp.com
-----Original Message-----
From: "Rao Dronamraju" <rao.dro...@sbcglobal.net>
Sent: Wednesday, March 18, 2009 4:09pm
To: cloud-c...@googlegroups.com
Rao Dronamraju
Randall,
I think you have some excellent points in the list you have provided but
there are some real real-life concerns with respect to CloudSourcing
enterprise businesses.
For instance, let us take the example of say Bank of America's data centers
being outsourced on a Cloud of a Cloud Service Provider.
Do you think BofA CIO would be convinced with any of the arguments you have
put forward to allay his/her fears. I think their fears are not unfounded
considering what is at stake, account information of millions of customers,
security and privacy of these accounts and reliability and availability of
say on-line banking operations etc, would affect their business with their
customers and may be even with govt. regulators. Today all these enterprise
customers have come to this stage of providing service to their customers by
laying the data center/technological foundation, or built their
infrastructure over decades if not years and you go to them ask them to
CloudSource them without adequate SLAs and security, privacy, trust,
reliability, availability, performance being provided, forget the Clouds, it
is never going to happen.
I think there is no way around addressing the genuine FUD of such customers
and it needs to be and can be done through technology and services.
Rao
Randall Minter
Some fears are rational and as such, I wouldn't go to BofA and suggest they put customers' banking records in the cloud. If I was a BofA customer, which I am not, and found out that BofA put all their customers' data in the cloud, I'd find a new bank.
I reiterate: Moving to the cloud is not an all or nothing decision.
That being said, there are myriad ways BofA could save money with cloud computing. I would suggest, for example, that BofA could, among other things, put their static website content out there. Any content that is provided to the public is a good candidate for the cloud. They probably have at least tens of servers, maybe hundreds powering their external website and they are on 24/7 even though they only need a few to handle the traffic at 3am.
They could put their branch locator out there. They could buy an enterprise license of our platform and install it on their own cloud infrastructure behind their firewall and save, I imagine, millions of dollars a year on application development costs. They could easily publish data from inside to outside. They could run their online banking system on a private cloud behind their firewalls and allow it to scale automatically at the end of the month when people are wondering if they'll be able to pay the rent. These things are nails that can be driven by the cloud hammer. Customers' banking records are a screw and there are screw drivers for that.
More concisely, for a company like BofA, I would suggest a hybrid approach where they run some applications behind the firewall and some applications outside the firewall. This will be the best solution for many institutions that already have or can afford their own data centers.
As with any decision, you have to evaluate the risk/reward ratio. There are very real risks in the cloud right now, which I mentioned in my list. There are also very real rewards in the cloud to be had by almost every company that exists today.
Miha Ahronovitz
Randall, why don't you call grimp.com a cloud? It (1) always has resources for the applications deployed, and (2) yours customers' customers are paying for what they use. Or don't they?
You claim you are PaaS. Who cares? You are also a bit of SaaS and GaaS (Grimp as a Service). So if you have resources and you bill and users don't give a damn what you have inside the grimp, you have a cloud.
And based on the (1) and (2) points definitions above, BofA IS already a cloud. The customers of BofA cloud are the one who have money or loans or credit cards, etc with this bank. Sure I do not pay for the service making transfers directly, but indirectly because I bring business to the bank.
I see absolutely no business reasons, - it is outright irational for bank, - any bank, to offer as a service to access their customers records! Why would they? To offer a competitor access to their customer data? To offer thieves materials? To do some co-marketing, that a bank should not care about for few cents per record?
Quite the contrary. BofA cloud exposes the services INDIVIDUALLY to each customer with security provisions to mkae sure the account holder and only the account holder has access from the BofA cloud to records that belong to and are clearly identified with the account holder.
I see no connections between the concern for security and cloud as a business proposition. Both are separate issues, unrelated, in the sense that having a cloud, neither increases, nor decreases the security level absolutely necessary for a Bank to operate.
I am a BofA customer for 10 years :-)
Miha
Warren Free
Slightly of the subject of the group, but something to consider when thinking about the security of data within the cloud is whether that data is more secure in the cloud or on a Bankers laptop left in the trunk of their car?
Whilst there is a concern about the security of the data if it is stored within the cloud surely any CIO is also concerned about the data when it leaves the office on an employees laptop?
My $0.02.
Warren
--
Warren Free
Business Development Manager
Read my blog at www.virtualnetworkpartners.eu/blog
How secure is your sensitive data? Download our free whitepaper.
www.virtualnetworkpartners.eu
Tel: +44 (0)2030 040 753 Mob: +44 (0)7812 414193 Office: +44 (0)2030 040 750
Randall Minter
I suppose many would call Qrimp a cloud -- with a Q, not a G by the way ;). We're definitely in the cloud space, but we don't sell space on hardware we own -- we use the cloud. In that way we are a customer and a provider of cloud services. I see the cloud as scalable hardware, but we build a platform that runs on top of that hardware, either scalable or not. Qrimp runs on nearly any Microsoft Windows environment, be it a laptop or the Rackspace Cloud. I try to stay away from the ambiguities of the term cloud computing I suppose and be more specific about what we offer, which is a Platform that runs on cloud infrastructure or traditional hard servers.
To answer your question about BofA, or to explain why I wasn't so clear, it is simply because I do not know how they manage their infrastructure. It seems the marketing jargon is morphing the word cloud computing to "anything accessed via the internet," but I believe this effort creates more confusion and reduces the differentiation of the cloud from the status quo. BofA may always have compute capability for their customers, but I do not know if it is because they have 100 always-on servers or infrastructure that automatically scales to meet demand. I believe a requirement of cloud computing should be the exposure of malleable compute services to the end user and BofA's websites don't do that as far as I know.
And you are right about the security issue. I've said before, many months ago, that in most cases, I believe information stored in the cloud is more secure than information stored on servers in an office and especially more secure than information stored on a laptop that easily could be stolen from a careless employee's back seat. If I knew my bank was allowing its employees to store my information on laptops, I'd find a new bank for that reason too!
> You claim you are PaaS. Who cares?
Honestly, I don't really care what you call us. When most of us got started building what it is we are building, there weren't any terms for it. Cloud computing wasn't a term. Michael Sheehan hadn't built his awesome cloud pyramid, though I like to flip it upside down to illustrate the population of users at each level. Point is, people need terms to identify things and I think the term that is most accepted for what we are building here at Qrimp is the term Platform as a Service, perhaps more precisely it would be a Hybrid PaaS because it spans firewalls.
Thank you for the opportunity to clarify. I hope that helps.
Tim M. Crawford
From: Warren Free <warre...@virtualnetworkpartners.eu>
To: cloud-c...@googlegroups.com
Sent: Thursday, March 19, 2009 3:25:55 AM
Randall Minter
You're absolutely correct. I added part of my response to the laptop issue in my response to Miha, but to get more detailed, I think data on laptops is in almost 100% of cases less secure than in data centers, but don't be fooled into believing that data centers are 100% secure. Break-ins happen all the time:
Physically
http://www.datacenterknowledge.com/archives/2007/12/19/verizon-colo-theft-in-denmark/
http://www.datacenterknowledge.com/archives/2008/07/11/another-uk-colo-theft-hobbles-ftcom/
and virtually
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9035818
We have to be careful with arguements claiming data is more secure in the cloud, because it isn't always true. I think a lot of times we use that argument, but it doesn't sit well with potential customers. They want honesty and realism, but the use of absolutes is a red flag and they walk away.
In the old days, I had equipment in colo facilities where I could walk in and walk out with servers and no one even asked me if it was my equipment. It was of course, but the point is information and equipment theft is always a concern.
I've also been to data centers owned and managed by corporations that were literally bullet proof. Biometric scanners, card access on every door, no windows, armed guards at the gates and their own privately laid fiber between offices. Compare that to some of the stories above where thieves break in, either physically or virtually, and take out whatever they want. I think you'd be hard pressed to convince a company with a data center like that that their data was more secure in the cloud.
I think if we are going to get customers on board, we have to be honest with them and with ourselves and help them accurately evaluate the risks and rewards of the cloud. Sure, most all of them are going to save hundreds, thousands, even millions of dollars moving to the cloud, but at the same time, there are valid reasons many times to keep information where it is.
To take it to an extreme case, imagine if the United States government was running its nuclear warhead launch applications on Amazon EC2. I don't think any of us here would recommend something like that.
Miha Ahronovitz
Randall, the definition I think most people on this alias accepted, and which was taken over by Berkeley U, is this:
1. The illusion of infinite computing resources available on demand
2. The elimination of an up-front commitment by Cloud users.
3. The ability to pay for use of computer resources as needed,See our colleague blog richZ blog: http://rz-searching.blogspot.com/2009/02/cloud-computing-value-propositions.html
In my blog, I stated the cloud user as (definition developed with Nati Shalom from GigaSpaces)
- will always have all resources s/he needs
- will pay only for what it uses
- will use the (HPC) applications as a service
http://my-inner-voice.blogspot.com/2009/02/hpc-cloud-will-democratize-and.html
Note this makes abstraction of all ...-aaS -es as Jan described the abused terminology. MaaS is Miha as a Service :-) )
Oaas may mean Obama as a Service (see change.org)
All it matters if the three bullets above apply. Then we havea grid
> I see the cloud as scalable hardware, but we build a platform that runs on top of that hardware, either scalable or not
Qrimp is a pure breed cloud according to the definition above...
:)
Glenn Brunette
Randall Minter wrote:
> Hi Warren,
>
> You're absolutely correct. I added part of my response to the laptop issue in my response to Miha, but to get more detailed, I think data on laptops is in almost 100% of cases less secure than in data centers, but don't be fooled into believing that data centers are 100% secure. Break-ins happen all the time:
>
> Physically
> http://www.datacenterknowledge.com/archives/2007/12/19/verizon-colo-theft-in-denmark/
>
> http://www.datacenterknowledge.com/archives/2008/07/11/another-uk-colo-theft-hobbles-ftcom/
Communication's SuperNAP facility for our Sun Cloud offering.
Some of the details can be found here:
http://www.switchnap.com/pages/products/security.php
Having toured the site just last week, I can say that the
page does not do the site justice, but at least you can get
a sense of where we are going. Add to this issues related
to geographic placement && natural disasters:
http://www.switchnap.com/pages/disaster-avoidance.php
Let alone the 800Gbps redundant backbone supported by 26
carriers:
http://www.switchnap.com/pages/products/sinap-tix.php
and there hearty power/cooling specs:
* 407,000 square feet of space
* 250 MVA Switch owned substation
* 146 MVA of generator capacity
* 84 MVA of UPS supply
* 30,000 tons of system plus system cooling
* 4,500,000 CFM
* 30 cooling towers
* 1,500 watts per sq. ft. density
* 7,000+ cabinets
I have to say I was incredibly impressed by the facility
and was very happy to see Sun chose such a site for our
Cloud offering.
Another good article is available here:
http://computerworld.co.nz/news.nsf/mgmt/C46AAAACFD008510CC25754E00168BF8
which talks about their 100% uptime guarantee, PUE of 1.146 (which
incidentally is even better than Google's), and some of the other
security controls.
g
Warren Free
Hi Randall,
Â
Interesting, entrusting nuclear warheads to Amazon EC2 :)...
Â
I think part of the security like said in an earlier post is how the cloud is configured. Â Is the data stored within a protected environment but made available through cloud applications?
Â
I 100% agree that no solution will ever be 100% secure, there are always users to contend with and as reports all over the trade press say, users are the weak link in any system. I think being within a cloud though, certain parameters can be controlled, such as timeouts etc, which can't be on a local machine. So if Joe was to have a bathroom break in Starbucks, leaving his laptop unattended, a timeout could ask him to log in again when he gets back, all controlled from the cloud. This is harder to do with a local machine with local data as users tend to make life as easy as possible. I guess what I am thinking is a more centralised security policy than the distributed ones that can exist with a mobile workforce.
Â
Regards
Warren
--
Warren
Free
Business Development Manager
Read
my blog at www.virtualnetworkpartners.eu/blog
How secure is your sensitive data? Download our free whitepaper.
www.virtualnetworkpartners.eu
Tel: +44 (0)2030 040 753Â Â Â Mob: +44 (0)7812
414193Â Â Â Office: +44 (0)2030 040 750
Randall Minter
I don't want to rehash the definition of cloud. I'll leave that to the expert marketers, but one of my coworkers just sent me this, so I thought I'd send it to the group:
http://news.cnet.com/8301-13578_3-10194448-38.html?tag=nl.e703
> Begin Article Clip:
"The game gave me an opportunity to meet people I wouldn't normally," Carroll said. "But, so what exactly does 'cloud computing' mean?"
Cloud computing doesn't exactly have a single, simple definition--it's being pitched and implemented various ways by tech companies including Google, Amazon.com, Sun Microsystems, Cisco Systems, and Salesforce.com. In its broadest sense, cloud computing refers to having software applications hosted by a third party, rather than in-house, and accessed via the Internet. That can cut costs for users, but it also means ceding some measure of control over the systems.
>End article clip
Looks like the "outside world" still doesn't know what cloud computing is.
- Randall
Miha Ahronovitz
Randall, nice article, Let me try to translate it:
Quote: Cloud computing doesn't exactly have a single, simple definition
Translation; I Stephanie Condon a staff writer for CNET News I have no idea what a cloud is,
I search for a definition, and no one told me clearly what it is yet..
Quote: Something that cut costs for the users.
Translation: Something that makes users know how much they spend to run the applications they need
Quote: It also means ceding some measure of control over the systems.
Translation: It takes away from the users the headache to know how to administrate a data center
I will not claim there is one definition everyone should adopt. But the article is close to the answer,
I did my translation as correct. cloud computing is about a business model.
Probably in Government, the idea to bill for services is somewhat heretical.
But there are applications, like the IFB's (Invitation for bids) that lends itself to cloud computing like a glove.
Assume we adopt the cloud definitions below, and we implement them successfully, then the cloud makes money.
If the cloud makes money, then we afford any exotic technology we want, as long as it will make even more money
Dr. Pawel Lubczonok
planes, cars, hotels etc. etc. :-)