Above the Clouds: A Berkeley View of Cloud Computing (apologies if redundant)

[Stefan]

Interesting (apologies if redundant):

http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.html

Stefan

[Jesse L Silver]

Quite thorough, though I find it most interesting for what it omits, not what it includes (most of the smaller yet influential players).

I do like that the Berkeley team debunks claims from men such as Ellison that cloud computing is a marketing stunt and nothing more. Ellison wishes...

[Reuven Cohen]

The paper seems very biased and lacks any kind of original insights. Given the caliber of the contributors I would have expected a lot more.

Sorry, I give it a 6.5 out of 10

r/c

[Krishna Sankar (ksankar)]

Same here. I am working on a blog on some things I find a little strange in the paper. Will post it later in the day.

 

Cheers

<k/>

[Jesse L Silver]

Not disagreeing, but curious as to which bias bugs you...

[Reuven Cohen]

It's hard to put my finger on it. But there seems to be an assumption of the continued status quo in technology, but applied to the "cloud". For me cloud computing represents a fundamental shift, one that will allow anyone with an internet connection the ability to access a global cloud of opportunities previously only available to the largest companies who could afford the cost of building a global computing infrastructure.

R/c

[Gary Mazzaferro]

Both the Ellison and Stallman comments were in response to the blatant
rebranding of every kind of remote service as a cloud. There is one
company selling an enterprise version control backup appliance and
calling it a storage cloud. Unless there is some real differentiation ,
the industry will feel the backlash as with web2.0 and SOA,
unfulfilled hypre-hype where IT managers and CIOs are sick of hearing
the terms. (that info came from a study, its not my opinion).

I do like the paper, I think it provides good "third party validation"
for justifying a large organizations getting into the business. If I had
a company moving into this industry and had bunch of stock brokers
selling my companies stock, I would like to have some prominent
university validate my strategy. Its no different than IDC, Gartner
(oops are they the same company now ?) providing third party validation,
even if the companies do pay for it. --Isn't that like the chicken
watching the hen house ?

I also think its a good representation of some of the business issues
surrounding cloud computing. I do like the "obstacles" section. They do
identify many of the issues, notedly auditing.

I am disappointed in some of the statements and the way the paper
attempts to bias the reader towards some solutions without adequate
study or analysis.

Note the comment/summary about storage on page 9. They call Amazon's
Elastic Block Storage (EBS) API a standard !!!! And, everyone else's
APIs is proprietary. (hmmm) I didn't know that Amazon is a standards
body. I'm guessing at Berkeley if you publish your information on a
white page with a Verdana font its an immediately standard. On page 18,
they call blob storage "schemeless". Once you organize anything in to a
bounded, addressable vector space, it has a scheme. They also mention
that storage elasticity is a research problem. The storage industry has
had management applications to solve the exact problem for decades. What
to they think HSM (ILM) was doing in the 1970s '80, '90s and today ? or
was the concept before their birth and they didn't take the time to do
proper research ? Sorry for the rant. I just find the general ignorance
about data storage and data management very worrisome, especially when
its so important to the solvency of this computing solution.

On page 15, they mention the US PATRIOT ACT and the "concern" EU
customers may have using services based in the US. I was very
disappointed to see this statement in this paper. Its probably one of
the most ignorant statements I've heard in a long time. I feel the
comment was uncalled for and inappropriate for the paper, at least
without further study, analysis and comparison to other markets,
government policies and practices. The US advertises its security
policies, some EU governments don't; all have secret policies to
justify overriding public policies, they all do the same things. Is this
paper implying that to cloud services in the EU, Middle East, China and
India are more private than services based in the US? Maybe not, these
are students, right ? -- topic not for discussion.

The noted data bandwidth issue is important. One legitimate concern is
the lack of data bandwidth between entities fosters "lockin". Once you
make an investment in a provider, it will be very difficult to move to
another. Dynamic bandwidth provisioning could be very important to the
cloud process. Clouds could mark the end of dark fibre.

On page 16 they note the cost of a 10ge connection at $1000 and 1ge at
$100. They forgot to mention the costs of managed switches. They also
noted that bandwidth for internode communications is problem for "the
shuffle step that occurs between Map and Reduce producing" and aggregate
bandwidth is the reason scientists are not using clouds for scientific
applications. I don't even know where to start with that comment or many
of the others.

There is nothing new or innovative about this paper. In fact, it looks
like a market analysis detail from a company's business plan I just
reviewed, but the plan had more relevant detail.

I feel that this paper was a strongly influenced by the authors'
exposure to technology in RAD Lab. I find it difficult to believe this
paper was sanctioned by the university.

IMHO, I found the paper to be very disappointing and I expect more from
that university.

-gm

[Krishna Sankar (ksankar)]

Gary,

Agreed 100%.

They got a few things right - the cloud computing models,
application models, the economies of scale, some good work on
characterizing elasticity and the challenge of scalable storage. But
they got the basic definition of cloud computing wrong as well as the
aspects of utility computing. The tables, equations (actually only one),
cost models all look a little forced. The part on DDoS attack and things
like "statistical multiplexing" got me totally lost.

In short, as an undergrad work on cloud computing, the paper
gets an A+. But as a position paper from eminent academics, I can only
give a C-. Granted it correctly identifies many of the trends and
obstacles. But that material is widely available ! With a title "A
Berkeley view of cloud computing" the report misses the point. "A
Berkeley observation..." is more like it - view requires original
thinking and interpolation, which the report lacks.

More gory details in my blog
http://doubleclix.wordpress.com/2009/02/14/a-berkeley-view-of-cloud-comp
uting-an-analysis-the-good-the-bad-and-the-ugly/.

Cheers
<k/>
P.S. Sorry for the duplicate mail on this group and the cloud computing
mailer.

|-----Original Message-----
|From: cloud...@googlegroups.com [mailto:cloud...@googlegroups.com]
|On Behalf Of Gary Mazzaferro
|Sent: Saturday, February 14, 2009 5:17 PM
|To: cloud...@googlegroups.com
|Subject: Re: Above the Clouds: A Berkeley View of Cloud Computing
|(apologies if redundant)
|
|
|

[Gary Mazzaferro]

I believe statistical multiplexing is a play on load balancing, failure
and optimization distribution curves. The multiplexing part is from
communication services similar to the old dynamic bandwidth allocation
and TDMA schemes. It was made for variable bit data transfers (variable
length packets) from multiple sources. TCP has it built in, I think
mpeg1 has it in there as part of the packet size algorithm. Maybe they
are thinking about it in terms of load balancing profiles, and
insulating the application from managing aspects of bandwidth
provisioning. I think I understood the intent.

Maybe their was a 40th anniversary party going on when the paper was
written. Too much "berkeley fog" in the air ? lol

gm

[Reuven Cohen]

On Sun, Feb 15, 2009 at 12:29 AM, Gary Mazzaferro <garymaz...@gmail.com> wrote:

I believe statistical multiplexing is a play on load balancing, failure
and optimization distribution curves. The multiplexing part is from
communication services similar to the old dynamic bandwidth allocation
and TDMA schemes.  It was made for variable bit data transfers (variable
length packets) from multiple sources. TCP has it built in, I think
mpeg1 has it in there as part of the packet size algorithm. Maybe they
are thinking about it in terms of load balancing profiles, and
insulating the application from  managing aspects of  bandwidth
provisioning.  I think I understood the intent.

Maybe their was a 40th anniversary party going on when the paper was
written. Too much "berkeley fog" in the air ? lol

gm

I've posted a few of my -- somewhat thought out insights on the Berkeley paper on my elasticvapor.com blog.
http://www.elasticvapor.com/2009/02/comprehension-of-cloud-subjectivity.html

The general premise is it occurred to me while reading the paper that the very nature of cloud computing, like the Internet itself is based on that of subjectivity or a particular subject's perspective, particularly feelings, beliefs, and desires to drive their own view point / agenda. This seems to be particularly true in the academic views of cloud computing recently, as well as this Berkeley paper.

ruv

[Lori Mac Vittie]

TCP does not have multiplexing built in, but most load balancing devices do implement some form of TCP multiplexing, usually marketed as a “feature” with a snazzy name. In the load balancing sense, TCP multiplexing is about reusing persistent back-end connections for multiple client requests.

 

I have not yet read the Berkley article (I am always behind these days, it seems), so I’m not sure in what sense they’re trying to apply the concept.

 

Lori

 

From: cloud...@googlegroups.com [mailto:cloud...@googlegroups.com] On Behalf Of Reuven Cohen
Sent: Monday, February 16, 2009 8:25 AM
To: cloud...@googlegroups.com
Subject: Re: Above the Clouds: A Berkeley View of Cloud Computing (apologies if redundant)

 

 

On Sun, Feb 15, 2009 at 12:29 AM, Gary Mazzaferro <garymaz...@gmail.com> wrote:

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google
Groups "Cloud Computing Interoperability Forum (CCIF)" group.
To post to this group, send email to cloud...@googlegroups.com
To unsubscribe from this group, send email to
cloudforum+...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cloudforum?hl=en

-----
Join our Twitter Group at www.twitter.com/cloudforum
Or Our Linkedin Group at http://www.linkedin.com/e/gis/927567
-~----------~----~----~----~------~----~------~--~---

[Krishna Sankar (ksankar)]

Unfortunately they are doing nothing with it, except mentioning as a buzz word ;o(

 

Cheers

<k/>

[Reuven Cohen]

I'm afraid it's official, we're at the "Peak of Inflated Expectations"
in the hype cycle of cloud computing. Guess, It's time for some
disillusionment.

r/c

[Krishna Sankar (ksankar)]

We surely are in the buzz-world-land, that is for sure ;o)

[Subra K]

Certainly it seems like the students who wrote the paper and majority of the readers will benefit from the research work since they have touched upon broad range of topics in this paper. However, given the peanut spread approach, IMHO, the paper has not done justice to lot of the topics that deserves attention from Enterprise perspective.  It would have been useful to dive deeper into the architecture, design, integration and development principles when dealing with cloud computing model as opposed to speculating on how cloud computing may be adopted or how cloud providers should model their business to become profitable.

My major peeve is with the "Data Confidentiality and Auditability" in the Top 10 Obstacles to and Opportunities for Adoption and Growth of Cloud Computing. Hey.. what about Integrity? For e.g. SOX cares only about data integrity.  The section goes on to state:

"We believe that there are no fundamental obstacles to making a cloud-computing environment as secure as the
vast majority of in-house IT environments, and that many of the obstacles can be overcome immediately with well-
understood technologies such as encrypted storage, Virtual Local Area Networks, and network middleboxes (e.g.
firewalls, packet filters)"

wait a minute, am I reading this correctly? "Data Confidentiality and Auditability" is an obstacle but really not an obstacle because customers of cloud don't understand how to apply existing security technologies to a cloud service ?  Are privacy and security issues in the cloud just about technology? Most of us in info sec business live and die by the mantra "Security is a process, not a product" (Bruce Schneier introduced this in 2000)  and will probably be offended by this conjecture. And what about "Trust and Reputation" of provider? Are all cloud service providers and CC models created equal in that regard? And what control frameworks is appropriate to employ and assess the risks of CC models and providers?

And "Availability" which is an integral component of security was addressed under the first obstacle section with some examples of DDoS scenario -  They have done a good job with the botnet example and the # of hours it will take malicious hackers to take down your service. However, the point they have missed is that not all SaaS providers are building their infrastructure on IaaS such as EC2 to scale up/ down the VM instances (in response to DoS attack or user demand) and most importantly application scalability is a major function of application architecture in conjunction with management tools that aid orchestration and automation. And who is responsible for mitigating DoS attack on a public cloud and what can you expect from providers in this regard? The customer certainly cannot simply spin off new instances and suffer EDoS (http://rationalsecurity.typepad.com/blog/2009/01/a-couple-of-followups-on-my-edos-economic-denial-of-sustainability-concept.html)

There are certainly lot of good information in this paper and I am appreciative of the research work done for this paper by computer science students of Berkeley. I only hope that the academic papers of the future make little more effort in analyzing the core issues objectively with deep dives to provide new perspective that we can call it as 'academic' - And that can be referred to in the "applied science" works by the industry.

Cheers

-Subra