Some cloudy predictions

Gerbrand van Dieijen

Spring has just started, so it is time for an attempt at predicting the future (it has just started, to use a cliché). Together with a few colleagues, I brainstormed about what we think is important. After that I created the post below. In short: software development processes, local and public clouds, and security. Minor disclaimer: this is my own view.

Software development processes

Continuous is the word: continuous integration, development and deployment. Software should not be production ready, software should be used in production. That's also the main idea behind the lean startup movement: release something viable as soon as possible so you can get feedback. This applies not just at (lean) startups but at any enterprise. More and more organizations finally realize that the extremely long time between idea and actual realization is wasteful all the way.

In that regard, fixed-price, fixed-scope, fixed-time projects are out, as is having management consultancy companies create elaborate specifications in long documents and then having the cheapest bidder create software based on those documents. Fixed price has never worked, will never work, and it won't be too long before even the government realizes that. Or at least the people that don't retire. But as many organizations can't handle truly agile development yet, we may see the rise of fixed-price, fixed-time projects with a single goal rather than a fixed set of requirements. That requires that both customer and vendor communicate openly with each other, in word and in person. So traditional contract-based tenders (aanbestedingen in Dutch) don't work here. Fortunately, there are good alternatives: agile and lean contracts are worth an entire blog posting, if not a book.

Local Cloud

The cloud is hip. Not everyone agrees on the definition, but the one I use in this posting is: using the resources of connected computers and getting billed only for usage. When everyone can use those connected computers, you're on the public cloud, and you not only have to trust Amazon, Google, Rackspace, Microsoft or whichever other vendor is maintaining those computers, you'll also have to trust the government of the country where the actual hardware is located. For this reason, most of these vendors offer the option to have your data and software hosted only in specific regions (like the US, Europe or Switzerland).
Better than trusting a vendor is to host your own local cloud. Multiple solutions exist for that too: Red Hat, VMware (Spring) and various other companies provide cloud solutions that you can install in your own data center. Many organizations see the benefit of that, so lots of organizations will want to have their own cloud.

Local cloud means your application uses the capacity of your entire data center on demand, in terms of both hardware resources and people. Since all of your applications share the same data center, resources and people are used more efficiently. When capacity isn't enough, you just order new hardware. A cloud solution like Red Hat's or VMware's will make sure those new resources are used. The system operators (ops) can focus on keeping your cloud running smoothly, rather than on individual applications or servers.

Privacy

Speaking of clouds: people that worry about privacy issues around the data being stored at Google, Facebook, Apple and lots of other companies will be listened to. The EU will force companies to allow people to fully access, and optionally remove, any personal data companies have gathered on them. With a bit of luck and some sanity, we will be able to move our data from one cloud to another, truly owning our data.

Security

Security is also an important aspect of clouds and of software in general. Quite a lot of security incidents have occurred over the last year. Often, if not all the time, the root cause is an emphasis on procedures and procurements rather than on the mathematical and technical aspects of security. A notable example is the DigiNotar disaster in our country, the Netherlands. DigiNotar was the royal provider of digital certificates. The company had a trustworthy name (Notar comes from the Dutch word Notaris, meaning Notary), and a business consultancy company, PwC (Dutch article), had verified that they had proper checklists in place!

People will realize that to have true security, you have to understand the software and the encryption methods you use, rather than rely on policies, brochures and buzzwords. That is also something worth a few blog postings.

Comments (1)

  1. Andrew Phillips

    May 4, 2012 at 11:25 am

    > Better than trusting a vendor is to host your own local cloud.

    Could you go into a little more detail into why exactly you think a local cloud is "better"? Of course you potentially have more control, although how much more depends a lot on which public cloud you're going with.

    Besides the EC2s and Rackspaces there are many IaaS providers (such as the vCloud providers, CloudSigma, ElasticHosts, to name but a few) that offer more "enterprise-y" options including dedicated resources to deal with privacy and noisy neighbour concerns. The level of control you have here approaches that of more traditional managed hosting services.

    Also, "going local" might feel more comfortable, but can actually end up making things less secure. vCloud provider Bluelock mentions a number of interesting use cases where customers actually had to go to the cloud to achieve PCI/SAS 70 compliance that they did not have in their own datacenter.

    Of course, though, it goes without saying that adopting cloud requires a degree of trust in an external provider - something examples like Salesforce demonstrate is perfectly possible if the economics are right. And unless you already have significant CAPEX investment in datacenters the economics currently seem to favour not building your own local cloud but leveraging the CAPEX and economies of scale that Amazon and co benefit from.

    In fact, from the perspective of the most recent trends (and if you look at what players like IBM, RedHat and VMware are throwing their weight behind) the current idea seems to be to skip the tedious virtual infrastructure management bit entirely and go for a public or hybrid PaaS solution, or a private one built on something like OpenStack or CloudStack.
