Search results matching tag 'Cloud'

The Cost of Cloud

christianverstraete — Fri, 13 Nov 2009 10:33:00 GMT

Does the cost of cloud computing limits the usability of a community cloud to support a supply chain? This is really the question I'd like to address today.

Last April, McKinsey and last September, IDC have done an exercise of costing the difference between running applications in the cloud and in a datacenter. The McKinsey study has resulted in very strong reactions from bloggers, pointing out "McKinsey's Cloud Computing Report is Partly Clouded" to take one example. The IDC presentation, done at the Cloud Computing Summit, got much less exposure. Computerworld UK and Linux.com comment, surprisingly rather in a positive note. Why is that?

Well, where McKinsey was reasonably vague in their comparison, IDC very clearly pointed out they compared running applications in a next generation datacenter versus running them in the cloud. In the current terminology, you could argue that a next generation datacenter is nothing else than a private cloud, so that the debate becomes irrelevant.

Highly virtualized datacenters used by large enterprises can achieve efficiencies that are very close to the ones reached in public clouds. Cloud companies needing to make profit, it is logic that such private clouds will be cheaper in the long run. Fundamentally this is what IDC demonstrates. The whole argument for the cloud is the one of elasticity, and the case study of Animoto is often quoted. They managed to get from 50 to 5000 servers in a week-end. This is really great, but let's be frank for a minute, how many large enterprises are confronted by such issues? What is the true demand variability?

In all the discussions above, we are talking about hosting existing functionality in the datacenter or the cloud. But what should we do with new functionality? In several blog entries, I have been talking about the development of community or ecosystem clouds to support an improved management and collaboration in the supply chain. These functionalities do not exist in most enterprises, and the question should really be whether such functionality needs to reside in the datacenter or in the cloud. Today, I would argue that it should be in the cloud for multiple reasons:

First, building the required infrastructure in a datacenter costs money, it's typically CaPEX, which is not highly regarded by most financial people these days. Putting the functionality in the cloud limits or eliminates the start-up costs, and turns the on-going cost in OPEX, a move that is regarded more positively by finance.
Second, establishing the visibility and collaboration function in the cloud can be seen as a natural evolution of existing B2B exchanges. Supply Chain partners, already connected to an exchange might be able to use similar connections to the community cloud. It makes the development of such a cloud acceptable by the supplier base.
Third, using the cloud establishes a neutral party that maintains the service. It builds trust and may facilitate the acceptance in the supplier community
Lastly, using cloud technologies, the shared data can remain under the control of the data owner, as the technology allows the access of distributed data. Suppliers can decide which information to share, while avoiding the proliferation of that data across the internet.

Obviously, security is an important topic to address, but progress is slowly but surely made. Governance and how the service evolves over time is the other, is another aspect that needs to be addressed. Some large OEM's may take the lead and direct their suppliers to attend, but in most situations, we expect a trusted third party to run the service. Obviously, in that case, having a team looking after the evolution of the service, what new functionality is taken in service when, becomes important. Building a community around the service will make the members feel part of a team, which is exactly what you are looking for to establish a successful service.

Did you read the news today, oh boy! HP Converged Infrastructure.

Duncan Campbell — Wed, 04 Nov 2009 13:29:00 GMT

HP is making headlines today with the introduction of an impressive new strategy and architectural framework: HP Converged Infrastructure (click here to view the news release). The timing couldn't be better. I've heard from a lot of CIOs lately who have indicated they have more aggressive plans to invest in infrastructure innovation to attract new customers and tap new markets to combat economic conditions. This is exactly how convergence of new and existing technologies can, and is, creating exciting opportunities.

Converging the infrastructure isn't a new concept, but being able to convert that vision into reality today, is. This is where the breakthrough HP Converged Infrastructure architecture has me excited. In my mind, it's the most thorough and complete framework - all built through the pioneering work of the HP Adaptive Infrastructure - by which customers can gain the pure benefits of a services-centric IT approach that has been elusive for years.

Why a converged infrastructure ... a look back in time?

I know time flies, but if you look back a few decades, IT organizations have been adding servers, storage, and networking in silos to keep pace with business demand for applications and the terabytes of data they generate. The problem is, because of this sprawl, those resources are tangled up in legacy architectures that have created inflexible stacks of IT.

This sprawl has wide-reaching implications that are driving businesses to a breaking point - starting with cost. It's a fairly well known fact that the average business spends around 70% of their IT budget on operations versus innovation. This is unacceptable in today's market. The effects of sprawl have caused business to suffer from a lack of agility ... sluggish time to revenue ...lost opportunity and higher costs to operate through lost time ... and the lack of integration with business processes. This has placed IT under tremendous pressure. Because of sprawl, these rigid, aging infrastructures have all led to over-provisioning and underutilization ... complex physical and virtual management ... stranded capacity ... and exponential opportunities for error. Plus, back to my earlier point ... the amount of money it takes to operate and manage all of this has put a noose around the already slim IT budget.

The solution to sprawl lies in a converged infrastructure that unifies business, application, and infrastructure functions to optimally deliver faster time to business value, simplified management, increased utilization, and lower power cost across a scaling set of applications. This balances the 'cost-innovation' ratio - among the many other benefits - because it both addresses IT cost optimization and provides new value that directly impacts business results!

Imagine being able to deliver any application anywhere, on the fly, in the cloud; have ready resources that flex 'on demand' in an optimized way; unleash the trapped & strapped productivity of administrators, systems and facilities; have complete predictability and continuity of service; and achieve all this now while working from your current IT investments and infrastructure (we are not talking about rip & replace like other vendors).

Why I believe the HP approach is optimal for our customers?

For customers to truly benefit from a Converged Infrastructure - in ways never achieved or seen before - it's about bringing "innovation" into the game ... and not in a small way. As more and more businesses begin to rely on fewer, more strategic vendors (and selective partner solutions), they need the best products, the best services, and the expertise and track-record that delivers the biggest bang for the lowest cost ... and at lowest risk. This is exactly what CIOs told me at the recent HP IT forum in Hong Kong (see my last blog).

Simply put, it requires the convergence of servers, storage systems, network, management software, and energy optimization, which is no small feat. It requires an architectural approach where all technologies and services come together - having been designed for convergence from the get-go - through years of experience delivering IT infrastructure solutions to our customers.

The HP approach uses a unique value proposition and infrastructure requirements that are Virtualized (heterogeneous and end-to-end), Resilient, Orchestrated, Optimized and Modular (needs to scale).

The bottom line: All the core areas that need to merge and converge - based on standards - cannot simply be loosely assembled or pulled out of thin air. No business I know has that kind of extra budget or resources available for long implementation cycles - or the business security and solvency to even take that risk. What HP is announcing today is very exciting with the new introduction of the HP Converged Infrastructure strategy and architectural framework.

I invite you to take a look for yourself and "break through to the other side" with HP Converged Infrastructure!

www.hp.com/go/convergedinfrastructure

Duncan Campbell, Converged Infrastructure

The HP Converged Infrastructure strategy represents HP’s IT architecture of the future to help customers gain the benefits of a next-generation data center.

Duncan Campbell — Wed, 04 Nov 2009 13:19:00 GMT

The HP Converged Infrastructure strategy represents HP's IT architecture of the future to help customers gain the benefits of a next-generation data center. This 'breakthrough' direction is based on the extensive work done over the past few years based on the HP Adaptive Infrastructure strategy and portfolio investments - convergence of the critical "enablers" into a defined architecture that leverages our past investments and provides a roadmap for the future. Click here to read new Converged Infrastructure blogs.

Did you read the news today, oh boy! HP Converged Infrastructure.

Duncan Campbell — Wed, 04 Nov 2009 13:11:00 GMT

Why a converged infrastructure ... a look back in time?

Why I believe the HP approach is optimal for our customers?

The HP approach uses a unique value proposition and infrastructure requirements that are Virtualized (heterogeneous and end-to-end), Resilient, Orchestrated, Optimized and Modular (needs to scale).

I invite you to take a look for yourself and "break through to the other side" with HP Converged Infrastructure!

www.hp.com/go/convergedinfrastructure

Duncan Campbell, HP Converged Infrastructure

The HP Converged Infrastructure strategy represents HP’s IT architecture of the future to help customers gain the benefits of a next-generation data center.

Duncan Campbell — Wed, 04 Nov 2009 13:04:00 GMT

Cloud Security - New ISACA Whitepaper on "Business Benefits with Security, Governance and Assurance Perspectives"

ArchieReed — Mon, 02 Nov 2009 16:09:00 GMT

ISACA put out a paper on 29th Oct, 2009, titled "Cloud Computing: Business Benefits with Security, Governance and Assurance Perspectives"

While somewhat short, this paper is a must read for senior IT and business folks, as it shows that cloud computing still fundamentally requires work in terms of new and updated strategies to mitigate risks and manage governance and regualory requirements in order to truly suceed in broad enterprise computing solutions. Not barring the success of vendors such as Salesforce.com who maintain a huge amount of their own customers CRM data with a very minimal real guarantee of security or even service levels, the broad issue of security in the cloud remains the touchstone for many enteprise conversations.

Cloud Computing holds the promise of offering services on demand that are global, rapidly elastic, cost controlled and with minimal management. However, when you actually try to address the security issues (concerns), such as data loss protection, identity management and those compelling facets of cloud computing start to erode, as security does introduce a level of cost and complexity that most cloud providers are nto fully embracing. Once additonal requriements such as forensics with full audit trails appear, this simple slice of cloud will become a real storm (tropical, .violent, galeforce, unmentionable, or something else, will depend on the stituation).

This is why the efforts of the CSA and others are crticial to get a level of standardized approaches, if not standards themselves, to help organizations adequately deal with this reality. While this is a short paper, it does precede a valuable update and expansion of the original CSA "Security Guidance for Critical Areas of Focus in Cloud Computing".

HP IT CIO Forums – the ultimate collaboration zone!

Duncan Campbell — Wed, 28 Oct 2009 17:42:00 GMT

"What a refreshing change" ...

This is a direct quote that encapsulated many of the comments I received from CIOs while presenting at the HP IT CIO Forum in Hong Kong earlier this month. They were all very pleased that HP conducts these regionally-focused events as a great way to not only learn more about HP's own successful Next-Generation Data Center implementations, but as great place for the sharing of best practices and the exchange of ideas.

Led by HP IT executives and a team of professionals that "walk the walk" - not sales or marketing guys - this forum was deeply-rich in content and low on hype. In my mind, it has taken collaboration to a whole new level. So much so, I felt it important to share some of the insights from these CIO leaders and share some of the highlights about HP's own transformation.

Perspectives from a cross-section of CIOs ...

It was clear that most CIOs need to more tightly align IT with the business strategy, and that's not just about optimizing IT itself, but delivering business results. They need to be able to adapt quickly and deliver more within an unpredictable and rapidly changing business landscape - and do so with less cost and lower risk. Finally, they seemed to agree that there is a big need to make faster and better decisions. At the root of the problem is IT sprawl ... and one of the big culprits for chewing up a huge portion of the IT operations budget.

Perspectives from HP's own IT transformation ...

HP was no different. Before our IT transformation, our spending resulted in the proliferation of silos of IT that was adversely impacting business performance. Even out of our own data centers we encountered "shadow IT" - pockets of IT projects not owned by HP IT and managed separately. Like many IT organizations today, HP was spending upwards of 70% of its IT budget on operations and maintenance, leaving a disproportionate amount for innovation. Today we have exceeded the 80% mark in favor of innovation - now that is truly a transformation!

So what did we do? We reduced 85 data centers down to 6 sites (3 zones); we reduced the number of servers by 40% yet achieved 250% more in processing power while reducing energy consumption by 60%. Plus, we got IT down from 4% to 2% as a percentage of revenue. That is a very competitive industry number (above average). Now those are results that impact the business P&L.

Make no mistake; this was not just a huge consolidation project but a transformation of IT that impacted data centers, workforce, data marts, processes and governance. Automating IT Ops and putting in the rigor to have clear governance while communicating throughout the transformations were keys to success.

So often the application teams are the favored children in the world of IT. HP took a different and successful track that started by standardizing the infrastructure and minimizing the number of infrastructure "one-offs" that are very common in many organizations today. And by having 6 data center sites across 3 zones allowed us to up business continuity and better control any need for disaster recovery. IT automation tools and processes were deployed using a service-centric approach to manage IT by employing financial, service and quality management principles aligned with existing resources and aligned with business demand. In a nutshell, it was, and is, all about "Standardizing - Optimizing - Automating". I can still hear those words echoing throughout the halls.

In the end, we realized it's really about running "IT as a business" using financial acumen, dashboards and relationship management with the business.

Translating lessons into action for our customers ...

It became clear that CIOs both need and want to create more value in this uncertain business climate, and make that value sustainable into the future. Here are a few suggestions from our own learnings:

Standardize your infrastructure stack
Form a Project Management Office (PMO) for governance
Go modular and plan for scale
Break it into baby steps
Synchronize
Define core sets of processes
Actively communicate

Of course, and I know I'm being a bit bias, but if you need help getting started, or want to build a very practical roadmap based your specific requirements, HP can help - as we have done for many customers.

I'll leave with one final thought, as Warren Buffet quoted - " your problem won't improve with age". Let's get started!

Duncan Campbell, Converged Infrastructure

Understanding the language of hosted load testing

mark.tomlinson — Tue, 27 Oct 2009 20:19:00 GMT

I recently got an email from a colleague which was an invitation from a testing service vendor which does load testing on "The Cloud" (internet-hosted testing service). The invitation included some misleading language about load testing that I think can be confusing to engineers that are new to performance testing. So, here's the hook question they used in their invitation email:

"[Are you] Interested in learning how to load test your applications from an outside-in customer perspective, so you can find and resolve problems undetectable by traditional behind-the-firewall tools?"

Aside from the overly-casual, marketing-savvy tone of the sentence, there's actually so many hidden assumptions in this sentence it might be helpful for us to break it down:

"Interested in learning how to load test your applications..."

Well, that's obvious...of course we are interested in learning about load testing our applications. When this term is used generically as 'load test' I always point out that there is an assumption about the definition for load testing. Don't be fooled by this over-simplified language - because you might be led to think that doing performance testing is simple and easy. Like anything in IT...it's usually not simple, and often much less easy. Also, there are many different forms of performance testing, depending on the objectives for the testing; capacity planning, scalability, configuration optimization, query tuning, migration, disaster recovery & failover and stress testing...just to mention a few.

"from an outside-in customer perspective..."

We know this vendor was offering testing services from OUTSIDE the firewall, generating load IN to the application under test. This is usually a phase of testing that comes in addition your normal "in-house" performance tests, right before the system goes live, by running the load from the external network and infrastructure outside the company firewall or at a hosted facility. But it is more important to understand the concept of "outside-in" is actually the normal definition of most kinds of testing and especially for black box test design. To understand this, just ask yourself the inverse question: how would you conduct "inside-out" testing? My point here is that they mention "customer perspective" which is inherently an "outside-in" perspective...because end-user customers see almost every application from some type of external interface (GUI, or CLI). Essentially every good test is inherently designed from a customer-perspective. Customer requirements do exist even if you do not document them, or even think about them. There is a customer (or end-user) somewhere that will be impacted by the system's behavior. In your tests, those requirements should be directly applied in the test script and test cases themselves.

"find and resolve problems"

Well, it would be a shame to find a problem and not resolve it. Wouldn't you agree? For many years now there have been complementary solutions to performance testing tools that enable profiling and diagnostics on the system under test. It's very common now to have a performance team that includes not only testers, but developers and architects that can repair the application code and queries on-the-spot, right when a bottleneck is found. We hear from many developers using LoadRunner for unit performance testing, and they find & fix bottlenecks so quickly...it is perceptibly a single task to them.

"undetectable by traditional behind-the-firewall tools"

Undetectable? Really? There's an implication here that your performance testing environments do not include enough of the production infrastructure to find and resolve bottlenecks that would usually only exist in production. That's only true if you don't replicate 100% of the production environment into your test lab - which is a common limitation for some companies. But let me be very clear - that is not a limitation of the testing tool. It is only a limitation of your resources or imagination. To be totally honest, LoadRunner already fully supports testing and monitoring and diagnostics of nearly 100% of your production environment. You can even run LoadRunner against your ACTUAL production systems, if you want to (although we don't recommend overloading production...in fact, please don't do that to yourself). And don't forget, a good replacement for the actual production infrastructure is a virtualized or emulated infrastructure - using solutions like Shunra or iTKO LISA Virtualize.

The word "traditional" is just a derogatory connotation which seeks to discredit any technology that existed before today. This usually means that there is also very little respect for the existing discipline of performance testing as it is commonly defined and conducted today. The truth is there is nothing traditional about LoadRunner or load testing. And to be very honest there's nothing modern about this "outside-the-firewall" testing service provider. HP SaaS (formerly Mercury's ActiveTest) has been doing this type of testing for nearly 10 years...and they've been doing it successfully with LoadRunner, year-over-year with every new technology innovation that's come along the way.

Don't get me wrong - I do agree there are some physical bottlenecks that cannot be detected "behind-the-firewall". Those are bottlenecks you might find with your ISP or Teleco provider in their systems or switch configurations. Maybe the routing tables for global internet traffic aren't ideal for your application end-users in New Guinea. Or maybe the CDN systems are having difficulty with performance throughput and simultaneous cache replication. But if you find a bug with those OTHER COMPANIES...how do you get those bugs fixed? Can you force them to optimize or fix the issue? Is your only option to switch to another external provider with better performance, but perhaps other risks?

So, if we were to re-write this sentence with something more accurate, transparent and honest:

"Are you interested in learning how to conduct effective seasonal spike testing of your production systems from outside-the-firewall, so you can enhance your existing internal performance testing efforts by diagnosing additional problems that you'll find with the external production infrastructure that you probably don't have in your own testing lab?"

(I guess it doesn't sound as catchy, eh?)

Is Supply Chain Data safe in the Cloud?

christianverstraete — Mon, 26 Oct 2009 12:28:00 GMT

At the Gartner Symposium, last week, HP's CEO Mark Hurd was quoted about the lack of security in the Cloud. This is only one of the voices heard about cloud computing security. So, should we stop thinking about linking our partners in the cloud to gain visibility in our Supply Chain? Maybe, maybe not. What vulnerability are we talking about? In public clouds there are three major:

The transfer of information from your partner to the cloud. There standard SSL security (with 128 bit encryption) is used. This issue is not specific to cloud, it is actually applicable to e-commerce etc. Yes, there have been breaches at that level (nothing is fully secured), but we continue shopping, don't we. To address this, some cloud providers allow VPN connections, but often more in a "private cloud" type offering.
The hacking of the datacenter in which the data may be maintained. And here again this has happened in multiple environments. Mark Hurd pointed out that HP gets 1000 attacks per day. Obviously, hosting applications and data in the cloud, forces companies to trust the cloud providers who, for very understandable reasons, do typically not highlight/explain all the security measures they take. So, this is a chicken and egg problem. Data centers have been hacked, but it is not stopping companies storing credit card numbers etc. in internet enabled datacenters.
The third vulnerability is the least known one. As the cloud implies the running of applications in shared environments, using virtual machines, there is a possibility for tech savvy hackers to co-locate themselves with the application they want to hack and penetrate that VM container. This is obviously only applicable in public cloud environments. The security at hypervisor (the software allowing multiple VM's to run on the same hardware) level is the main question here. Unfortunately in this space there is not a huge amount of experience yet as this is rather a young area. HPLabs is currently working on the concept of secure cells to address this.

So, this being said, should we use cloud computing to share our ecosystem information? The fundamental question to ask ourselves is how private this information really is. Let me give an example. If you are a cosmetic company, you are probably not interested in putting perfume recipes in the cloud, as that is what makes you unique. So, even with a very small chance of the information becoming public, it does not make sense to take that risk. On the other hand, marketing material and prices/discounts are publically available. Yes competitors may have to search a little, but they can/will find the information if they wish so. Having that information in the cloud does not augment the risk drastically.

So, prior to using cloud services to collaborate in the Supply Chain, it is important to assess the confidential nature of that information, and whether this data can be obtained by other means. Objectively assessing the nature of the information is critical to establish whether putting the data in the cloud is/or is not a real tread for the future of the enterprise and its ecosystem.

If no clear consensus can be obtained, you may want to look at intermediate solutions. For example, utility based environments such as AIS (Adaptive Infrastructure Services) provide a secure access to the environment (using VPN or leased lines). As these environments have more stringent security rules, they may appear to the community as less subject to hacking. Ultimately, the security debate is one about trust. The fundamental question is whether the supply chain community trusts the provider or not.

New security techniques will be developed in the future and will change the perception of companies. However, if companies want to start experimenting with cloud today, they should start in non-critical areas.

Cloud Security – HP’s CEO finds cloud computing – vague, unsecure, what?

ArchieReed — Tue, 20 Oct 2009 23:01:00 GMT

HP's CEO, Mark Hurd, took the stage today as a keynote speaker at Gartner's Symposium.

Out of the gate we see the headlines such as "HP's Hurd dings cloud computing, IBM" (CNET) and "HP's Hurd: Cloud Computing Has its Limits" (Seeking Alpha).

Leaving aside the grammatical issues with the articles title, and IBM for that matter, let's consider what Mark had to say and what HP thinks are the real issues and real solutions for cloud computing.

Firstly, what about HP's own potential use of cloud computing as quoted by CNET -

"The cloud is real for many consumer services," he said. So why isn't it suitable for HP's core financial records stored in the general ledger? "Security, for one thing. We get about 1,000 hacks a day. They're more sophisticated every month," Hurd said. "Security and reliability is a huge thing. It's unlikely we'd put anything outside the firewall that's material in nature that we couldn't 100 percent secure."

Those in the audience gave me the following insights.

Mark was asked about disruptive technologies and brought cloud computing up as the first example.
Customers that he talks with find the term "cloud computing" too vague... There is a critical need to break it down into clear services and simplify service offerings
"Behind the firewall clouds can do great things"
In front of the firewall, "HP is experiencing 1000 hacks/day"
Mark is NOT in favor of email or financials in the cloud (C/NET article quotes this verbatim)
There is a need for 100% secure clouds
HP will play in 100 percent secure clouds".
Security and Reliability are key...
Critically, Mark talked a lot about security. In fact, he spoke more about security in this cloud context than ever before.

In the broad Security remains the #1 concern or barrier to using cloud computing (definitions aside). IDC recently released their "Cloud Computing 2010 . An IDC Update" report which showed that year over year security not only remains the #1 concern, but in fact grew from 74.6% in 2008 to 87.5% in 2009. What is interesting here is that while security remains the #1 concern for cloud computing, it still does not feature in ANY of the common cloud definitions...

Regardless, HP offers its own views on how to manage the enterprise approach to cloud computing which heavily emphasises security and risk management in general as key components to its strategic use. In fact, this week we published a very high level article on how "Faith-based IT doesn't work in the cloud".

Firstly, when you utilize the cloud, it's critical that you know where your data is, how it's protected, and who can access it. Unfortunately, many cloud service providers don't share these details. Even worse, many make no promises about protecting your data. Here are the key points to consider for a secure approach to cloud computing:

Classify: When considering a cloud service, first classify your data to determine its suitability for the cloud. Doing a cost benefit analysis is an important part of this process. Are the savings of putting data in the cloud worth the risks of breaches in security or privacy regulations?
Assess: Find a service provider that does security assessments to determine whether your application or data is ready for the cloud. The best service providers will determine which compliance regulations you're subject to and help you meet them.
Start with non-sensitive data: Don't begin your foray into the cloud with applications that expose your customers' credit card numbers and bank account information. Start with the less risky applications until you can securely manage the model and your provider's services.
Critically evaluate service provider agreements: Find out exactly how your service provider plans to secure your data and keep it private in the cloud. If your data is critical to the business, demand satisfactory assurances from your provider. These include appropriate terms of service (TOS), acceptable use policies (AUP) and service level agreements (SLAs).
Encryption: Don't leave encryption to your cloud service provider. Make sure you have key lifecycle management in place. Also, using your data classification effort as guidance, encrypt your data as appropriate and necessary.
Insist on transparency: Demand the ability to know what's happening in the physical infrastructure that underlies the virtual infrastructure.

This is a very short article on the issues and how to approach cloud computing in a simpler and more secure manner. Look for much more from us on the HP Secure Advantage for secure cloud solutions alongside our overall HP Cloud Computing Solutions strategy breakdown including: HP's Cloud Assure service enables security and performance in the cloud and HP's Cloud Consulting Services