Friday, December 31, 2010

The 2010 cloud computing winner

Who was the 2010 cloud computing winner? It’s a subjective topic. And you’re really comparing apples to oranges. There are SaaS, PaaS and IaaS offerings, all serving different customer needs. Some vendors are established, while others are only just getting started. And of-course, people tend to declare a technology they are familiar with as a winner.

To identify a winning technology it’s usually best to go straight to the market and see what people are actually using. Winning technologies get adopted, new jobs get created and specialized skills get requested for.

Below is the job trend for the top 3 cloud vendors – Amazon, Microsoft and Google. While being non-scientific, this approach does raise some interesting points. Demand for Amazon cloud services is booming, both for compute and storage capabilities. There are almost triple the jobs requesting Amazon EC2 skills to those asking for Microsoft Azure capabilities. And Google AppEngine is surprisingly in little demand. So, is it fair to declare Amazon the 2010 cloud computing winner?

Thursday, December 16, 2010

Yes, the cloud even has some security benefits...

Security is still cited as a main reason by your large, stodgy corporations for staying clear of cloud computing. And while the cloud does have its security challenges, there is one key security benefit that cloud computing offers — Distributed Denial of Service (DDOS) protection.

After all, you can try to block, engineer and reroute traffic (difficult) or you can just throw more infrastructure at your attackers (easy) until they get tired of pumping traffic at your web servers. Amazon themselves exemplified this benefit by scaling up infrastructure to disrupt a recent DDOS attack by the group Anonymous. The image in this post is actually a Twitter statement admitting defeat, after only a short burst attack against Amazon.

In a few years I expect large organizations to use the cloud as part of their DDOS strategy, especially as prevalence of this type of attack goes up and the costs of running cloud infrastructure goes down. So, yes, there are actual security benefits to using the cloud.

Friday, December 10, 2010

WikiLeaks and the Cloud DDOS Strategy

I found the recent WikiLeaks saga to be fascinating. Never in history has the individual had so much power to collate and disseminate sensitive information, with the ability embarrass governments around the world and put them into damage control. But for a cloud computing vendor like myself, this story added an interesting twist.

Within hours of releasing documents, the WikiLeaks servers were under heavy attack from patriotic individuals, and likely also governments, trying to stem the flow of information. It was a typical distributed denial of service (DDOS) attack, which can usually shut-down an organization like WikiLeaks with ease.

What surprised me about WikiLeaks is that they didn't take the usual route of dealing with a DDOS attack by working with upsteam ISPs and traffic engineers to restrict the traffic approaching their servers. They realized that trying to stop an onslaught of traffic is both a political and technical challenge, and one that is likely to fail. Instead, they moved their services further into the cloud, distributing their content across the on-demand, readily billable and highly scalable Amazon EC2 infrastructure. It's an excellent plan that realizes that you can avoid an attack by simply throwing more infrastructure at those trying to attack you.

Smart companies should look at the cloud as part of their DDOS mitigation strategy. It costs nothing to be prepared (Amazon EC2 charges are nil until you actually spin up the servers), provides infrastructure that can rapidly scale to meet the traffic challenge and provides you with a world-wide set of data-centers across which to spread the load.

[Yes, I know that WikiLeaks were eventually kicked off the Amazon EC2 infrastructure due to political wrangling by Senator Joe Liberman, but hopefully your organization isn't that offside with the government that this should be a concern ;-)]

Saturday, November 27, 2010

Platform as a Service: Read the fine print

I'm surprised at the number of startups that are now going directly to the cloud, bypassing traditional web hosting solutions and avoiding the need to own a server in-house. That's great news, and at a minimum it shows that the big players -- Google, Amazon and Microsoft -- are marketing well to the startup crowd. But I am even more surprised at the number of startups that make critical cloud platform selections without reading the fine print.

The little details with Platform as a Service (PaaS) are the ones that cause the most pain to startups. They will lock you in to a vendor, force you to use a given programming language and framework, and will frequently make you tear your hair out catering to unusual timeout rules.

Google AppEngine strictly enforces these rules, limiting all request to 30 seconds, restricting you to 1000 records per database query and forcing you to use python-only libraries. And of-course, moving off the AppEngine platform to a standard server will leave behind a trace of code spaghetti built needlessly to cater to your platform selection. Yes, Google AppEngine is free for startups, but note the hidden costs.

Of-course, Google AppEngine (and Microsoft Azure) are offering a tradeoff. Adhere to these rules and you can avoid the hassles of managing your own server, à la Amazon EC2. It's an awesome offer -- developers can avoid touching servers, operating systems, patches, consoles and the mundane tasks of upkeeping a server and database. But don't bet all your startup's money on PaaS until you have read all the details in their rule book...

Monday, November 22, 2010

Monday, November 15, 2010

Why your business really needs the cloud

If you are running a basic, content-driven website then utilizing the cloud won’t give you much advantage. After all, your website just needs CPU power and a way to upload content and manage the application. And publishing to one of the many Virtual Private Servers (VPSes) or Shared Hosting providers will more than suffice, and can be done at much lower cost.
But there are instances where startups and SMBs should only consider the cloud:

  • Cloud computing vendors are offering excellent techniques to auto-magically scale your hardware to meet customer loads. The next killer app is very likely to use the inbuilt scaling controls of Google AppEngine (probably the easiest one to use) to just as easily meet the demands of 1000 users as 1,000,000 users. And programmers love the ability to be able to scale an application without ever having to touch the underlying hardware or operating system.
  • Access to the right hardware and software combinations can frequently be a pain to procure and manage. Cloud provider, such as Amazon, now give access to a vast technology stack, directly through an easy-to-use web interface. Need Ubuntu 6.1 with SQL, running on a Quad-core machine? It’s now readily available for you in the cloud, without the hassle of installing and managing software packages.
  • As the cloud grows, so will the benefits to those who are using it. New solutions are constantly being built for cloud based monitoring, security and administration. Within a couple of years you will find that product integration within the cloud is significantly cheaper and easier than having to integrate with solutions that are outside the cloud.
Of-course, using the cloud is in and of itself a bet. It’s still a maturing industry and may not provide all the tools that your startup or SMB requires. But considering that the key cloud vendors are now running 50,000+ servers in their datacentres, would you really want to bet against them? When building your new app consider now just what the cloud provides today, but what it may provide your killer app with tomorrow and next year.

Wednesday, November 10, 2010

When is cloud suitable for a basic website?

recently argued that cloud is not a suitable solution for the online shops, blogs, forums and content driven sites that constitute the vast majority of the web. After all, these are websites that need nothing more than a CPU and a database, which can be provided at lower annual cost by the numerous VPS and Shared Hosting providers.
But even if a shared host is more sensible for your business, you may still benefit from some short-term access to the cloud:
  • The cloud is a great resource for testing the minimum hardware requirements for your online service. This is exactly what I did for my own startup. Unsure of how much computing power I will require, I started off by using Amazon’s smallest cloud solution, a ‘Micro’ machine instance with only 613MB of memory and a low power CPU. Slowly I progressed up the stack, to larger and more powerful systems. Keep climbing up the ‘power stack’ until you find a server that can just support your requirements. You can now move the code back to a standard VPS for cheap, long-term hosting, but with the comfort that you will choose exactly the hardware that you need.
  • Some companies require a website for only short-term use, to run online competitions and other short term promotions. These websites really don’t need the services of a cloud provider. But they may be cheaper to run on the cloud if their online presence is expected to last for less than a month (you will find that costs after a month may make it cheaper to go back to using a standard VPS or Shared Host).
Next article: Why your business really needs the cloud

Tuesday, November 9, 2010

Cloud vs. VPS vs. Shared Hosting

A lot of startups and SMBs need access to very basic server resources to host their website. They don't require cloud based REST APIs, automatic scaling or the ability to run their application as part of a high-performance compute cluster. These are your traditional content providers that sell products in on-line shops, host blogs with inline adverts and generally ensure an online presence exists for their bricks'n'mortar business.

So I find it surprising when I see such traditional content providers move their online presence to the cloud. This fact, more than anything, shows that the marketing of cloud solutions can cloud (excuse the pun) the decision making of those responsible for your company's infrastructure.

Outsourced solutions for server hosting have existed for many years. And while they may not be in fashion, they are likely to service your business just as well and at lower cost than cloud:

  • Virtual Private Servers (VPS): If you want direct RDP or SSH access to a dedicated server, then take a look at VPS.  A VPS is a dedicated virtual machines where you get full console access to install tools, manage services and tweak the system to your needs. Take a look at this resource to find a VPS that meets your needs.
  • Shared Hosting: If you don't require any console access to fine-tune your application and OS, then shared hosting is an even cheaper solution. A shared host is a service that runs your application in a dedicated partition, and provides a simple interface (eg. cPanel) to manipulate some of the system settings.
You will find that VPS and Shared Hosting are cheaper and easier to manage than anything offered by the key cloud providers today. If you are running a basic website then cloud is likely not for you.

Next article: When is cloud suitable for a basic website?

Thursday, November 4, 2010

LabSlice accepted into the Microsoft BizSpark program

LabSlice has been accepted to the Microsoft BizSpark program. If you are not aware of this program, here is a quick summary of what you get and why you should join:

  1. Microsoft will support your business by giving you 3 years of access to development tools, such as Microsoft Visual Studio 2010.
  2. Microsoft will give you 3 years of rights to use their products for free in a production environment. This includes all flavors of Microsoft Server, but also products such as SQL Sever and SharePoint.
  3. You can access to VC, angel networks and other folk who would like to be involved in your startup.
It's a great program with few, if any, detractions (as far as I am aware). It doesn't cost anything to join Microsoft BizSpark, but you do need to get assessed and approved by an existing BizSpark Network Partner.

Friday, October 22, 2010

2 cents/hr is cheap, but free is even better!

You know things are getting hot when vendors start offering solutions for the rock bottom price of just 2 cents/hr! That was Amazon's announcement just 1 month ago, when they made available 'Micro' sized server instances. These instances provide on-demand access to an x32 or x64 613 MB server, which is usually enough power for a small web site to run effectively.

At 2 cents/hr it's a bit difficult to recoup running costs for a server. That's $175 per year, which is not insignificant, but also not a great profit after accounting for service costs, datacenter charges and billing overheads. Some reasons why Amazon decided to take this path (all, of-course, just my personal viewpoints):
  • Spare capacity is spare capacity. Amazon is selling off any available CPU resource in their datacenter. No matter how small it is, selling it off still generates an income.
  • 2 cents/hr is a very attractive price point for startups. Even my own business, LabSlice, will benefit handsomely from such low costs, as our service spins up 100's of instances per week. A small cost change benefits us and our customers.
  • Google offers their AppEngine cloud service for free for low utilization projects. Amazon isn't quite offering a free solution as a competitor, but... (see below).
  • Micro instances may be a stepping stone to use of Amazon's automatic scaling services. Instead of buying a large box, users may now buy a Micro instance and implement automatic scalability. It's a win-win for Amazon and the user: Amazon sells more services and the customer gets a pricing point that is very tightly coupled to the actual use of the application.
Now, what could be better than a 2 cent/hr billing rate? As a special deal, Amazon is offering free usage of Micro instances for a full year for any registrations that occur before 1 November.

Friday, October 15, 2010

Choosing your cloud

The pointy haired boss at your company will inevitably want you to look at cloud. But what most bosses don't realize is that it's not a simple "forklift operation" of moving existing code to a new platform. Choosing the right cloud can be a challenge with factors such as cost, platform selection, language availability, scalability and automation coming into play. Below is a quick primer to help you choose between the leading cloud providers:

Google AppEngine

Google is a great choice for startups and in many ways they are building a cloud that can run the next Facebook or Twitter on their dedicated platform. Their business model highlights this. They offer 500 MB of cloud storage and up to 5 million page views per month for free. They also geared AppEngine towards the hacker's choice of Java and Python, run code on an abstracted platform layer (real developers don't want to touch the underlying OS) and provide automated scaling controls.

Historically Google has excelled at targeting their products at individuals and SMBs, and it seems they are heading in a similar direction with AppEngine. If you are a small company with smart developers then you will likely want the low-cost, hacker-oriented and highly-automated (whew!) solution offered by AppEngine. If you're an Enterprise then you will more than likely be concerned about lock-in, skills availability (.NET is the most readily available dev platform in large enterprises today) and lack of fine grained control.

Microsoft Azure

Microsoft is offering a similar product to Google AppEngine, obviously geared towards the Microsoft community of Visual Studio developers. Web applications that currently run on the .NET/IIS7/SQL Server stack can be easily migrated to the Azure cloud, which comprises solely of a cluster of virtualized Windows 2008 servers. Developers familiar with the Microsoft development stack should have no problem moving to the cloud. As with AppEngine, the Microsoft solution offers scalability automation and abstraction from the underlying platform.

While Microsoft Azure can be tweaked to run non-Microsoft technologies (such as PHP), it is still very much oriented towards the Microsoft technology stack.  Google AppEngine and Microsoft Azure may not end up as direct competitors --- they can likely carve out a market that splits users into "hacker startups and SMBs" for Google AppEngine and "enterprise users" for Microsoft Azure.

Amazon EC2

Amazon is the granddaddy of cloud computing, offering a mature and stable cloud solution that has been active for almost 5 years. The Amazon solution differs greatly from that provides by Google and Microsoft. They selling on-demand, virtual slices of a computing infrastructure (Infrastructure as a Service), rather than an underlying development platform (Platform as a Service). That makes Amazon EC2 very similar to running an application within your own datacenter. You can use any operating system and development language that you like, with full console access to configure and manage your box.

The Amazon EC2 cloud is the easiest to get started with and probably the closest to how your company currently runs its environment. There's very little lock-in, as Amazon is only selling you computing time on a box and some peripheral technologies to aid in scalability and monitoring of the environment.

Wednesday, October 13, 2010

Microsoft SEO toolkit to help your startup

It's difficult trying to get the word out about your new startup. There are the usual methods of getting link-backs, writing blog content and doing search engine optimization (SEO). I just came across the free SEO Toolkit from Microsoft. The toolkit is an IIS plugin, but in practice can be used to scan any website for SEO improvement recommendations.

I'm not too sure of the value of this toolkit, but here are some of the recommendations it made for the LabSlice website:
  • Multiple 'title' tags: We erroneously created multiple title tags for each page, one for the page content and another automatically generated in our master page layout. Having multiple title tags can confuse the search engine as to the actual website's intent.
  • Brand name in the title: The MS SEO tool recommended that we remove the word 'LabSlice' as the first word in the title. Apparently search engines heavily weight the first word or two in the title, and therefore it's not a good idea to waste such words on the company's brand name.
  • Multiple 'h1' tags per page: I have read about this SEO issue before, but apparently not all our pages adhered to this SEO recommendation. Use only a single h1 tag per page to highlight to the search engine exactly what's important in your content.
Was the SEO Toolkit from Microsoft useful? It's hard to say, but I guess that it also can't hurt. Give it a shot on your website.

The Microsoft SEO toolkit is added as an IIS7 plugin that manages site analysis, sitemaps and robots.txt.

Wednesday, September 22, 2010

The cloud popularity contest

Zenoss has released a survey about business interest in Cloud Computing. Take it with a grain of salt, as the survey only consisted of 200 or so individuals. The most interesting part is that Amazon still holds a strong lead in cloud, but Google AppEngine is very quickly catching up:

Is the cloud insecure?

Cloud security is on the top of every CIO's mind. Apparently some people even consider that cloud risks outweigh cloud benefits.

Unfortunately, an overzealous approach to cloud security can lead to arguments that detract from the real issues, with little to no analysis of the specific problems at hand.

Below is a list of cloud security issues that I believe affect large organizations:

  • Separation of duties Your existing company probably has separate application, networking and platform teams. The cloud may force a consolidation of these user groups. For example, in many companies the EC2 administrators are application programmers, have access to Security Groups (firewall) and can also spin up and take down virtual servers.
  • Home access to your servers Corporate environments are usually administered on-premise or through a VPN with two-factor authentication. Strict access controls are usually forgotten for the cloud, allowing administrators to access your cloud's control panel from home and make changes as they see fit. Note further that cloud access keys/accounts may remain available to people who leave or get fired from your company, making home access an even bigger concern...
  • Difficulty in validating security Corporation are used to stringent access and audit controls for on-premise services, but maintaining and validating what's happening in the cloud can become a secondary concern. This can lead some companies to lose track of the exact security posture of their cloud environments.
  • Appliances and specialized tools do not support the cloud Specialized tools may not be able to go into the cloud. For example, you may have Network Intrusion Detection appliances sitting in front of on-premise servers, and you will not be able to move such specialized boxes into the cloud. A move to Virtual Appliances may make this less of an issue for future cloud deployments.
  • Legislation and Regulations Cross border issues are a big challenge in the cloud. Privacy concerns may forbid certain user data from leaving your country, while foreign legislation may become an unneeded new challenge for your business. For example, a European business running systems on American soil may open themselves up to Patriot Act regulations.
  • Organizational processes Who has access to the cloud and what can they do? Can someone spin up an Extra Large machine and install their own software? (LabSlice adds policy management to stop this from happening). How do you backup and restore data? Will you start replicating processes within your company simply because you've got a separate cloud infrastructure? Many companies are simply not familiar enough with the cloud to create the processes necessary for secure cloud operations.
  • Auditing challenges Any auditing activities that you normally undertake may be complicated if data is in the cloud. A good example is PCI -- Can you actually prove that CC data is always within your control, even if it's hosted outside of your environment somewhere in the cloud ether?
  • Public/private connectivity is a challenge Do you ever need to mix data between your public and private environments? It can become a challenge to send data between these two environments, and to do so securely. New technologies for cloud impedance matching may help.
  • Monitoring and logging You will likely have central systems monitoring your internal environment and collecting logs from your servers. Will you be able to achieve those same monitoring and log collection activities if you run servers off-premise?
  • Penetration testing Some companies run periodic penetration testing activities directly on public infrastructure. Cloud environments may not be as amenable to 'hacking' type activities from taking place on cloud infrastructure that they provide.

    Tuesday, September 21, 2010

    The wispy cloud

    Cloud computing is the latest IT trend. Conferences are promoting it, vendors are pushing it and CTOs are buying it. Amazon EC2, Google App Engine and Microsoft Azure are the big technologies dominating it. And Gartner identifies it in their 10 Strategic Technologies for 2010. But what is cloud computing?

    Spend time with vendors and you'll quickly find that the definition of "cloud" is whatever the customer wants to hear. Last year's anti-virus is this year's cloud anti-virus. Last year's FTP is this year's FTP in the cloud. Cloud seems to be the ultimate Rorschach Test, both in the real world and the IT world.

    So as a new startup dealing with cloud computing, I feel that I must somehow define what cloud computing is and what it can offer. I believe that the cloud can be most concisely defined as a self-service environment for the immediate provisioning of platforms and applications, with billing being based on granular usage consumption metrics. It's very similar to your usage of electrical and telephony services, with per-minute billing and a service that "simply works".

    Amazon EC2 provides a great example of what cloud computing can be. They deliver a self-service application that enables hourly rental of server time, with billing that is based solely on the CPU power and bandwidth consumed by the client. If you wish, it's possible to lease a unix machine for a single hour, turn it off, and get billed by Amazon a measly 3 cents for the service!

    And our new startup... LabSlice extends the Amazon EC2 cloud to create an environment for IT and Sales Engineers to distribute and share Virtual Demos, Evaluations and POCs of their thick and thin client applications. We use the Amazon EC2 on-demand servers to host your demos in the cloud, adding workflows that enable you to easily share demo machines with your peers, business partners and prospective customers.