Part 3: Economics of Cloud Computing > Overview > Video
- The decision making process incorporates a comprehensive identification of risks and opportunities presented by cloud adoption.
- Next, we briefly look at two IEEE led cloud standards initiatives that will increase the interoperability potential of cloud based systems and help reduce the risks and decrease the costs of cloud computing.
Part 3: Economics of Cloud Computing > Review of Service Models > Video
- Middleware, provided by such technology as Java virtual machines, provide the abstraction layer in the platform as a service or PaaS service model, where typical consumers are application developers.
- Finally the infrastructure as a service or IaaS service model provides an abstraction for hardware and software infrastructure by virtualizing such resources as processing and storage.
- IT administrators are the likely consumers for IaaS services and some current popular providers of such services are shown in the cloud in the lower left of the diagram.
Part 3: Economics of Cloud Computing > SWOT Analysis and Value Proposition > Video
- Weakness are identified here as computing performance latency due to network communications overhead; low reliability; and limitations in customizability and configurability.
- Finally threats exist in data confidentiality; integrity and availability; interoperability limitations; and various legal and financial risks.
- Or, if an organization wishes to retain internal control of an application because of proprietary concerns, then even SaaS may not be appropriate.
- In order to make the forgoing discussion as general as possible, value propositions can be interpreted either as strengths or opportunities and risks can be interpreted as either weaknesses or threats depending on the organization, application and environment in question.
- End users who directly use software applications, whether on their own or on behalf of their organization.
- Software application administrators who configure an application for end users.
- In software as a service consumers get the right to use specific applications on demand, and application data management, such as backup and data sharing between consumers.
- Usage fees are typically, based on the number of users, the time in use, per-execution, per- record-processed, network bandwidth consumed, and quantity/duration of data stored.
- Typical consumers for platform as a service offerings are: Application developers, who design and implement an application’s software.
- Application testers, who run applications in various testing environments.
- Application deployers, who publish completed or updated applications into the cloud, and manage possible conflicts arising from multiple versions of an application.
- Application administrators, who configure, tune, and monitor application performance on a platform.
- In all of these cases the consumer receives the use of the PaaS cloud provider’s tools and execution resources to develop, test, deploy and administer applications.
- Usage fees are typically calculated based on the number of consumers, the kind of consumers, storage, processing, or network resources consumed by the platform, requests serviced, and the time the platform is in use.
- These consumers see value in ready access to virtual computers, network-accessible storage, and network infrastructure components such as firewalls, and configuration services.
- In IaaS usage fees are calculated typically per CPU hour, data gigabyte stored per hour, network bandwidth consumed, network infrastructure used per hour, and value-added services used.
- Network infrastructure used is often measured in the number of IP addresses consumed and value-added services often include monitoring and automatic scaling capabilities.
Part 3: Economics of Cloud Computing > General Cloud Computing Risks > Video
- Cloud computing is not a solution for all consumers of IT services, nor is it appropriate for all applications.
- As an emerging technology, cloud computing presents a number of risks for IT hosted services.
- Complex computing systems are prone to failure and security compromise.
- With this in mind, it is important to understand that cloud systems, like all complex computing systems, will contain flaws, experience failures, and experience security compromises.
- The existence of these issues does not disqualify cloud systems from performing important work, but it does mean that techniques for detecting failures, understanding their consequences, isolating their effects, and remediating them, are central to the wide-scale adoption of clouds.
- Cloud computing has potential to foster more efficient markets through convenient leasing of computing resources.
- In some scenarios, cloud computing offers consumers the ability to forgo capital expenses such as building internal computing centers, in exchange for variable service fees.
Part 3: Economics of Cloud Computing > Value and Risk of Open Source Software > Video
- Open source software is free for use, modification and redistribution provided the terms of the associated license agreement are followed.
- Open source software is commonly used by cloud providers and provides both value and risk to the enterprise.
- The openness and availability of open source software has created opportunities for industry and academia to easily conduct experiments and to develop deployable cloud computing technologies and systems that use open source software.
- Use of open source software may also lead to increase interoperability and is expected to lead to various cloud computing standards.
Part 3: Economics of Cloud Computing > Cloud Computing Cost Analysis > Video
- It includes subscription costs, integration and customization costs, user training costs, and the first year of ongoing operational costs.
- SaaS subscription costs depend on the provider’s billing model, so we can estimate it from the number of users and the average monthly subscription fee.
- Associated costs would include in-house development costs for customization, the costs of any related professional services such as consultants, integration costs, user training, hardware and middleware costs, and operational costs.
- IaaS transforms hardware and infrastructure software costs to subscription fees that are based on the estimated number of server instances required, the middleware installed on them, the usage levels required by the application, and the server capacities.
- Operational costs might include networking infrastructure costs, power costs, and the cost of floor space used by the equipment.
- Networking costs depend on the deployment model and can include the Internet connection costs, security costs and administrator labor costs.
- Such costs involve SaaS subscription fees, software and hardware maintenance expenses, customization costs, and professional support fees.
- Annual software maintenance, customization, and professional support costs can be estimated either empirically from benchmark standards or as rough percentages from the initial software development cost.
- Hardware maintenance cost for the in-house solution can be determined by using a percentage of the initial hardware expenditure Combining these costs, a manager can calculate the total cost of ownership for a period of n years by using the simplified formula for each of the three cases, the SaaS adoption, the in-house implementation and an IaaS adoption.
Part 3: Economics of Cloud Computing > Selecting an IaaS Provider > Video
- Whether certain discounts are offered the average monthly cost for some sample of processing and storage resources The uptime offered The number of datacenters offered as a choice when deploying cloud server If the vendor has certain compliance- and security-related certifications.
- If it is possible to scale up individual cloud server instances by adding more memory, extra CPUs or more storage space If it is possible to deploy new server instances quickly Support can be rated on some scale, such as poor, average and excellent Monitoring can be measured by a similar three-level subjective scale If the company offers APIs to interact with the servers If the provider has a “Free trial” feature that customers can use to test the service.
Part 3: Economics of Cloud Computing > Cloud Standards and Intercloud Interoperability > Video
- One of the many challenges to cloud adoption and cost effective utilization is the absence of international standards.
- One such standard is IEEE P2301, the IEEE Guide for Cloud Portability and Interoperability Profiles.
- Cloud personalities are certain cloud configurations that are stereotypical and repeatable, say, for an application domain, user community, or industry.
- Cloud interoperability requires protocols, directory service, namespace authority, trust authority, and governance coordination, and P2302 seeks to promote these qualities.
- The P2302 standard creates an economy among cloud providers that is transparent to users and applications.
- The Intercloud Root and Intercloud Exchanges would facilitate and mediate the initial Intercloud negotiating process among Clouds.
- Once the initial negotiating process is completed, each of these Cloud instances would collaborate directly with each other via a protocol and transport appropriate for the interoperability action at hand; for example, a reliable protocol might be needed for transaction integrity, or a high speed streaming protocol might be needed for optimized data movement over a particular link.
Part 3: Economics of Cloud Computing > Recommendations for Successful Cloud Migration > Video
- Plan for an eventual termination of a provider’s service during the procurement phase of the contract, and clarify how assets are to be returned.
- Review the provider’s business continuity plan and redundancy architecture to understand if their stated availability goals are supported.
- Request assurances that a provider employs established internal operating procedures and service management techniques for reliable system updates, data transfers, and other site modifications Determine whether the capabilities for defining the necessary controls exist within a particular provider, whether those controls are being implemented properly, and ensure that the controls are documented.
- Traditional forms of direct assessment may not be feasible and may require working with the cloud provider to gain needed information and system access, or to allow third-party audits to establish a sufficient level of assurance.
- The insider security threat is a well-known issue for most organizations and extends as well to the cloud provider’s staff.
- Investigate whether a provider can support ad hoc legal requests for discovery and preservation of data.
- Ascertain the operating policies of providers for their: willingness to be subjected to external audits and security certifications.
- Finally determine providers’policies for the vetting of privileged uses such as the provider’s system and network administrators.
- Ensure that all personnel read and understand the provider’s acceptable use policy, and negotiate an agreement for resolution of specific classes of policy violations in advance with the provider.
- Finally, consumers and providers should agree on a set of procedures a consumer needs to perform to take an application offline, the testing that must be performed to ensure the application continues to perform as intended, and the procedures needed to bring the application back online.
- Before a decision is made to migrate to a cloud, ensure that the application infrastructure interfaces provided in that cloud are generic or at least that data adaptors could be developed so that portability and interoperability of the application is not significantly impacted.
- When data of differing levels of sensitivity are to be processed in a cloud, multiple distinct clouds can be used concurrently to provide different levels of protection to sensitive and non- sensitive data.
- Finally, you should be able to examine the capabilities of providers with respect to: data backup, archiving, and recovery.
- Physical plant security practices and plans at provider sites as part of the overall risk considerations when selecting a provider.
- Use authentication tokens or other appropriate forms of advanced authentication, which some providers offer, to mitigate the risk of account hijacking and other types of exploits.
- Consumers should have visibility into the following capabilities of a provider: including the authentication and access control mechanisms that the provider infrastructure supports, the tools that are available for consumers to provision authentication information, and the tools to input and maintain authorizations for consumer users and applications without the intervention of the provider.
- Benchmark current performance scores for an application, and then establish key performance score requirements before deploying that application to a provider’s site.
- When providers offer computing resources in the form of VMs, ensure that the provider has mechanisms to protect VMs from attacks by: other VMs on the same physical host, the physical host itself, and the network.
- In all cases, formulate a strategy for migration of Virtual Machines and their associated storage among alternative cloud providers.
- When available, choose clouds that provide application development frameworks that include an architecture and tools for mitigating security vulnerabilities.
- Tools that support the intuitive authoring and maintenance of security policies, and provide an integrated application development environment covering the full system lifecycle, with an orientation towards facilitating security accreditation, are preferable.
- Before a decision is made to deploy a new application in a cloud, or compose an application from the building blocks offered by a provider, a consumer should ensure that the libraries – included in the compilation phase or called during the execution phase – behave as intended, both in terms of functionality and performance.
Part 3: Economics of Cloud Computing > Summary of Part 3 > Video
- Cloud-vendor relationships characterized by trust are critical for cloud deployment and the promise of gaining advantage in a competitive market.
- Organizations achieve greater IT economies of scale with cloud computing when investing first in relational, technical, and managerial capabilities.
- Cloud based computing systems are complex and share many of the same challenges as a conventional distributed computing model, as well as offering their own unique challenges.
- The decision to migrate one or more applications, services, or an entire enterprise to a cloud computing model is a critical one that involves substantial risk and reward.