Confused about the cloud?
You have a right to be. In just 12 months it has gone from being a graphical representation of the Internet on vendor architecture diagrams to the next generation of computing.
Amazon, Google, Microsoft, IBM – some of the industry’s biggest players are already involved, and many more are circling with ideas and strategies that are high on vision, but scant on detail.
What you should be asking yourself is that by taking on these vendor marketing messages and promoting a Cloud Computing model, what else are you really advocating down the track?
These are what could be called ‘side effects’ of the cloud.
Potential issues include SLAs, contractual terms and conditions, quality-of-service, management, security, usage accounting and jurisdictional complications with the physical location of cloud-based data.
Your success in the cloud space comes down to how you negotiate these potential issues and help give your business the computing flexibility users want, at a level of risk you can live with.
Let’s consider the minefield that is risk assessment in an external cloud environment.
With the cloud still in its infancy, there seems to be a trend among IT managers to push only non-mission- critical workloads out to services such as Amazon EC2 and Microsoft Azure.
It’s a situation that has been likened to the take-up of virtualisation in the enterprise, according to IBM’s business development manager for System X in A/NZ, Peter Hedges
“Roll back four years and substitute the word virtualisation for cloud,” said Hedges.
“Customers were saying we’ll test [virtualisation] but we won’t put anything mission-critical on it. Now we’re at a point where they don’t do anything that isn’t virtualised.”
HP Australia’s marketing manager for enterprise servers and storage, Angus Jones, somewhat concurred: “If we look at virtualisation technology, it’s been around for 30 years, but it’s only been in the last few years that we’ve seen serious movement to it in the market.
“Even today, penetration of virtualisation for mission- critical applications is small. We’re still waiting for organisations to be comfortable with the technology,” said Jones.
Dell provides a similar though slightly more optimistic assessment.
“Four or five years ago no one put mission- critical applications on VMware,” said Justin Boyd, enterprise marketing manager A/NZ at Dell.
“Then everyone became comfortable and started deploying more to it. The same thing will happen with the cloud.”
You call that service?
Commentators appear unsure of the extent to which mission-critical workloads will be transferred into an external cloud environment.
Most believe that mission-critical workloads will move into the cloud in some form, but the rate at which they do is largely tied to the emergence of service-level agreements (SLAs) on such services.
“Putting mission-critical applications into the cloud comes down to the SLAs,” said Simon Elisha, CTO of Hitachi Data Systems.
“If something goes down, who do you call? For example, if there’s a Gmail outage, all you can do is sit and watch the forums. Until cloud service SLAs become enterprise-grade, I don’t think significant applications will move across.”
IDC Australia associate director, Linus Lai, agrees. “We’ve run many surveys and we know large enterprises aren’t about to migrate mission-critical applications onto the cloud.
“They’re likely to develop new or non-mission-critical applications on the cloud that require very little integration with existing back office systems.”
Lai cautioned that current SLAs for cloud services could be inadequate for mission-critical enterprise users because any refund from the provider stipulated under a liability clause is unlikely to cover the full cost of the downtime.
“If you pay $1000 for capacity then the liability the operator is exposed to is also $1000,” said Lai.
“That isn’t going to be anywhere near the opportunity cost of being unable to run your business applications.”
Nick Abrahams, a partner at law firm Deacons, urges both vendors and their customers to carefully examine the terms and conditions of a Cloud Computing contract to reduce both parties’ liability profiles.
“We’ve always wrestled with the concept of vendors limiting their liability [exposure], but when you’re delivering a critical part of the business through a vendor you will want a complete rethink of your liability profile,”
“In a standard license, you’ve always got a liability cap but it’s OK because you’re using the application internally and you’ve largely got control over uptime. If it doesn’t work it’s a drag but it doesn’t pull the whole business down.
“If you rely on the cloud to provide mission-critical services to the business, you will want to reconsider the issue of liability,” he said.
Feature: In the fine print
By Ry Crozier on Nov 28, 2008 2:30PM