Cloud Computing : adoption issues
In my previous post about ” Cloud Computing” , I tried to explain my understanding about cloud computing so far. In this post I am trying to highlight some of the important points and concerns , from various research studies, that need attention while planning for a cloud based services for any organisation.
Issues with Cloud adoption
There are three types of potential users of cloud computing services: consumers, small organizations, and medium to large organizations. Consumers and small organizations have relatively simpler requirements for adopting a new technology than medium to large organizations, and have much less to lose if the adoption goes awry. There are at least seven types of adoption issues for cloud computing . They are
- Outage (availability)
- Private clouds
Of these, outage, security, and performance are quality of service (QoS) issues. Only some of the adoption issues matter to consumers and small organizations. However, all of them are of concern to medium to large organizations.
An outage may be temporary and permanent. A permanent outage occurs when a cloud service provider goes out of business. This has happened, and will happen again. Temporary outage of cloud computing services appears to be inevitable. It may happen several times a year, and each time it may last a few hours or nearly one full day or even longer. When large cloud services become unavailable, there is a nearly instant and worldwide coverage of the outage. Such services as Amazon, Google, Citrix, etc. have experienced highly publicized outages during the past couple of years.
The users of a cloud service should exercise prudence, and take one or more of the following precautions. First, they should not entrust absolutely mission-critical applications and data to the cloud service providers; that is, they should use cloud services for non-mission-critical applications and data. This explains the current uses of cloud services for Web site hosting, software testing and online data backup. Second, they should keep backups of applications and data on on-premises servers and storage, or on a secondary cloud service. Third, they should secure as favorable a service-level agreement (SLA) as possible from the cloud service provider for a favorable partial redress in case of temporary outages. We note that none of these precautions is entirely satisfactory. The first limits the use of the cloud service. The second and third erode the cost advantage of the cloud service. The third never fully compensates for the actual damage.
The security of computer systems, and the data stored on them, can be compromised in so many ways, 100% security is simply impossible. Sophisticated hackers can break into just about any computer system. A cloud may become a “honey pot” that attracts hackers. Accidents may happen during physical transportation or electronic transfer of a large volume of data. Dishonest staff members may do bad things to the computer system or data. We believe, however, that the clouds are not less secure than on premises computing systems. There is no reason that the best security technologies and processes that can have been adopted for on premises computing systems cannot be used by the cloud service providers.
Further, the effects of security breaches on the cloud service providers are as great or even greater than those on medium to large organizations. As such, the cloud service providers should be highly motivated to do their best to secure their servers and data. The security measures that Amazon Web Services employs may serve as a model for other cloud service providers. The user can run his customized machine image with a full root access. The user can have his own ingress firewall. The user can also have granular access control for every file. The user needs CERT, a public key, a long ID string, a security ID to access Amazon’s resources.
A major source of performance problem for cloud services is the communication time between the client computer and the Web server in the cloud. This problem becomes serious as the number of simultaneous users increases, and the amount of data transferred to and from the cloud increases. Even the physical distance between the client computer and the cloud makes a difference. Sometimes organizations discover the need to substantially increase the communication bandwidth shortly after adopting cloud services. Before adopting cloud services, organizations must assess the communication bandwidth requirements, and evaluate the performance behavior of the applications with respect to transfer of large amounts of data. Another source of performance problem is the inability for the service provider to scale up their computing infrastructure as customer demands increase beyond the original expectation. Before adopting cloud services, organizations must understand the service provider’s capacity assumptions and scale-out plans regarding the computing infrastructure.
In most of the countries, enterprises are subject to some government regulations regarding the secure storage, privacy, and disclosure of data. These regulations were written without consideration of cloud computing, that is, an enterprise storing data on a third-party computing facilities that are shared with other enterprises. It is not clear if cloud computing will violate such regulations.
5. Private Clouds
A private cloud is an on-premises cloud. A private cloud, except for its physical location, works just like a normal, or public, cloud. The virtual machines and storage are created by virtualizing physical computing resources; and the virtual computing resources are dynamically allocated and deallocated based on the needs of the users. Further, the users or departments in the enterprise are charged for the services they actually use.
Since the term “cloud” was coined to refer to a remote third-party service provider, the term “private cloud” is an oxymoron. Besides, one of the primary motivations for cloud services has been touted as the freedom from having to administer on-premises computing resources. A possible justification for the use of the term private clouds is the fact that a private cloud is envisioned as a central cloud for an enterprise, and it is to be accessed by users in different departments, as though it is a remote computing resource. In any case, the concept of private clouds has gained grounds recently.
Private clouds can serve as a halfway step before the adoption of public cloud services. Enterprises can gain experience using cloud services, and prepare their IT infrastructure and staff properly. Further, enterprises can make use of hybrid cloud services based on their private clouds and some public clouds. For example, when the capacity of the private cloud is exceeded, the enterprise may tap into the public cloud. There are adoption issues for hybrid cloud services. Today, if a workload is to be moved from a private cloud to a public cloud, both clouds require the same hypervisor, the same chipsets for the servers, and the same file system. Further, virtualization vendors have different virtual machine formats. To alleviate this problem, the Distributed Management Task Force has proposed an Open Virtual Machine Format.
Since organizations may need to adopt multiple service providers to various reasons, they need to integrate applications and data on multiple public clouds. Further, many organizations are likely to adopt hybrid clouds, they need to integrate applications and data between the private clouds and the public clouds. Technologies such as enterprise information integration (or federated database systems), enterprise application integration, and enterprise service bus can be adapted to address the cloud integration issues.
Cost is generally not regarded as an adoption issue. People take the “only pay for what you use” part of the marketing definition of cloud computing as a given. In the 1980s and 1990s, people took for granted about the promise of cost savings in outsourcing software development. The cost savings, while still significant, turned out to be much less than had been presumed, because of the need to communicate between the two parties (e.g., travel, stationing staff), to re-do work that was not done properly, gradual increase in fees charged, etc. Similarly, the promised cost benefits of cloud computing are bound to be eroded. As observed above, the need to maintain onpremises backup or secondary cloud services in order to cushion the impact of occasional outages certainly adds to the cost. The need to increase communication bandwidth to maintain a desired performance level adds to the cost. Further, the “remote administering of computing resources” part of the marketing definition of cloud computing does not mean that organizations that adopt cloud services can totally depend on the service providers for the administering of the applications, virtual machines and storage. The organizations still need to monitor the performance and availability of the virtual computing resources.
There are various monitoring tools, both commercial and open source. Monitoring requires staff time, and possibly commercial tools. These add to the cost. IaaS service providers create virtual computing resources out of physical computing resources, and allocate the virtual computing resources to different users. This means that multiple users share common physical computing resources. Some organizations insist on having dedicated physical computing resources in the cloud in order to prevent other “tenants” from possibly crossing paths. Use of dedicated physical resources in the cloud can substantially erode the cost benefits of cloud computing.