A perspective on cloud computing and enterprise saa s applications


Published on

A perspective on Cloud computing and SaaS for Enterprise applications by a SaaS industry veteran.

Please make sure you read the speakers notes, there's a significant amount of content there.

Published in: Technology, Business
  • Be the first to comment

A perspective on cloud computing and enterprise saa s applications

  1. 1. A PERSPECTIVE ON CLOUD COMPUTING AND ENTERPRISE SAAS APPLICATIONS George Milliken February 8, 2012 Copyright © George Milliken and Todd Varland portions copyright their respective owners as noted in reference section
  2. 2. Who Am I? George Milliken, Director of Solution Delivery in CA Technologies SaaS Hosting division Manage the Database Architecture and the Service Introduction teams Provide the technical architecture and program management necessary to introduce new enterprise applications into production as Software as a Service (SaaS)
  3. 3. Objectives • Quickly cover some basic terms • Outline the challenge and opportunity cloud computing presents to enterprises • Talk about some things to consider as both a consumer and provider of SaaS • Emphasize key concepts
  4. 4. Cloud Computing is a Pervasive Topic Search Google and you get 327,000,000 hits Scholastic (K-12) Education – Articles in Cloud applications in K12
  5. 5.  80% of enterprises surveyed have already deployed at least one cloud service.  Over 50% have deployed six or more cloud services, while maintaining legacy infrastructures. Enterprises are rapidly adopting cloud services to gain efficiencies and speed time to market for new business services Distributed Internet Virtual Cloud Mainframe 5 Image copyright © CA Technologies 2012 All Rights Reserved
  6. 6. What is Cloud Computing? • Extension of SaaS • Why buy when you can rent? • Cost-effective for consumers of Cloud • Highly profitable for large data centers
  7. 7. Economic Shift Positive TCO Shift Economies of Scale Moore’s Law Redux New Buyers (Business not IT) Opex v. Capex Departmental v. Enterprise Business Unit Decision Maker v. Central IT
  8. 8. Economic Shift Negative Financial Distortions Not counting capital in a sensible manner Not counting labor costs Not tracking the costs of outages Impact of Failing to Achieve Economies of Scale Tragedy of the Commons Costs need to factor in new requirements driven by cloud Are you good at running data centers? Really?
  9. 9. IT will be accountable for management and security across a diverse range of cloud and traditional models The New Heterogeneity Which applications do we move to which cloud models when? How do we minimize security, compliance and availability risks? How do we avoid vendor lock-in? Which operational processes do we keep, tweak or transform? How do we make sure it is all working together for business value? New Questions Fabric Converged infrastructure New datacenter Existing datacenter Virtualization Hybrid Cloud Use IaaS Traditional services Build on PaaS Use SaaS Private cloud Cloud burst 9 Image copyright © CA Technologies 2012 All Rights Reserved
  10. 10. SaaS Middleware Database Virtualization/ Operating System Cloud Computing/ SaaS Applications Enterprise Data Center/Private Cloud Additional complexity is created by the cloud 10 Top 5 challenges of cloud computing – Management of hybrid world – Performance monitoring – Reliability/service assurance – Automating service delivery across platforms – Security Middleware Database Virtualization/ Operating System Public Cloud SaaS Infrastructure SaaS Applications Virtualization / Operating System Database Middleware Servers Storage Networking Applications All trademarks, trade names, service marks and logos referenced herein belong to their respective companies Image copyright © CA Technologies 2012 All Rights Reserved
  11. 11. Storage Storage Storage Network z/OS Unix Linux Windows Network Hyper Storage Private IaaS Private IaaS Hosted PaaS Hosted PaaS Integrated L W L W Hyp L W L W Hyp W W W W Hyp Physical Virtual Cloud infrastructure layer complex technologies, many vendors and deployment models 11 Automate Manage Secure Infrastructure Layer What’s in your portfolio? Image copyright © CA Technologies 2012 All Rights Reserved
  12. 12. Enterprise Applications Composite Applications SaaS Applications CRM ERP Email Office Automate Manage Secure Infrastructure Layer application layer 12 What’s in your portfolio? Application Layer Automate Manage Secure Image copyright © CA Technologies 2012 All Rights Reserved
  13. 13. Automate Manage Secure Infrastructure Layer services layer focus on delivery and consumption of IT as a service 13 Application Layer Automate Manage Secure Technology Services Information Services Cloud Services What’s in your portfolio? Services Layer Automate Manage Secure Image copyright © CA Technologies 2012 All Rights Reserved
  14. 14. Cloud, Iaas, SaaS, PaaS SaaS  CA Clarity  Nimsoft  Salesforce  Netsuite  Gmail  SuccessFactors PaaS  Force.com  Heroku  OpenShift  Azure Cloud  Amazon  Google  IBM IaaS  Rackspace  Opsource  Carpathia
  15. 15. On Premise Delivery Model On Premise More control Traditional revenue model More customization possible
  16. 16. SaaS Not necessarily multi-tenant Different revenue model Trade off cost savings for loss of control Loss of control is not a bad thing Shift TCO to the vendor!
  17. 17. Please Point this Application at the Internet! On premise to SaaS Pit Falls Who’s the Line of Business “owner”? What’s the service catalog 2 or 3 customers is easy - 600 is hard - requires a number of systems to be in place “as a Service” Gaps (a cautionary tale) Identity, Backup, Restore, Refresh…. Metering and billing
  18. 18. Common “as a Service” Gaps Provisioning Refresh Usage metering Support Portal Diagnostics & instrumentation CMDB & CRM Notification Tenant Placement / Move tenant
  19. 19. Orchestration Required to build and deploy complex services cost- effectively More than just imaging, it’s about the fulfillment process used to deliver a defined service Involves combining business processes with technology processes to deliver a business solution Working application Billing and metering Scaling
  20. 20. Orchestration Vendors CA Technologies Gale Technologies TIBCO Oracle IBM Open Source Options – Check Out JuJu Puppet Chef OpenStack
  21. 21. Think Services Services are what matters Can you efficiently leverage the cloud to provide services? Can you move or fail a service between clouds? Can you scale up if needed (cloud burst)?
  22. 22. Successful SaaS Development Agile Scrum team focused on SaaS issues Be the Product Owner v. Customer More than release planning, what’s the mechanism look like? Automate everything, touch nothing (write scripts that write scripts) Consider DevOps Approach Examine your ITIL alignment
  23. 23. Dev Ops DevOps is a lean approach to operations Minimize the information loss during handoffs by blending teams Dev->Test->QA-> Prod Image copyright © Damon Edwards 2012 All Rights Reserved
  24. 24. Think Dev Ops Build internal Expertise Outsource a well-defined objective (offering) Benefits Release cycle time Software mostly works (as opposed to mostly doesn’t) Lower deployment costs Ability to instrument and measure deployment cycle Prevent “aaS” as a service gaps
  25. 25. Talk to Operations to Gather Operational Requirements Get Your Operational Groups Input Don’t Build Cloud Orchestration in a vacuum  You have a wealth of knowledge in house Tap that knowledge to understand the operational issues you face This will greatly assist you in deciding what to orchestrate, how to do it
  26. 26. The Ideal – White Cloud Apps Everyone runs the same version Great new features released often Bugs are fixed rapidly (often without the user even knowing it existed) Customer Service is Exceptional
  27. 27. Reality the “Dirty cloud” Multiple versions in production Releases still take a long time Bugs fixes and patching complicate the service Customer Service is more complex
  28. 28. Why Many Company Build Dirty Clouds Central IT has power We have idle servers We think we’re good at IT But are you good at rendering a service?
  29. 29. Attributes of real cloud offerings Orchestrated Services Auto-provision / De-provision Pay as you go – Metered and measured service Choice can be exercised up to the point of purchase Self-service Capacity on demand API – Programmatic interface Chargeback and Showback visibility
  30. 30. Multiple Clouds Vendors Can Add Complexity Why would you use multiple vendors? Issues Common to Multi Vendor (or data center) situations Multiple VPNs can be a pain Integrated on call support call trees is a pain CMDB is critical
  31. 31. Multiple Clouds Vendors As a Strategy Prevent lock in Address regional concerns Keep your options open
  32. 32. What’s my SLA? Is it up? What does “up” mean? How measured? What’s planned v. unplanned maintenance? What’s the remediation for missed SLAs?
  33. 33. 99.9% Uptime What’s it mean? What’s it take? Practical Considerations 99.5 = 43.2 hours a year 99.9 = 8.76 hours a year (3 nines) 99.999 = 5.26 minutes a year (5 nines)
  34. 34. Deployment Considerations Interlocking Development Life cycles Change Control Operational Readiness Testing (ORT) What is ORT Need for ORT
  35. 35. SaaS Operational Readiness Testing (ORT) • Support Access to • Logs • Customer Environments • Performance Reports • Configuration Interfaces • Monitoring Systems • Alerts • Performance Testing • Batch Processing • Outside In Performance • Upgrade Testing • Upgrade to new version(s) • Migration Testing • Migrate to new version(s) / platform • Release Testing • Release process verification • Contingency Plan • Rollback during Cutover • Technical Testing • Failover / HA • End-to-End Testing • Applications/HW/SW/Network • Backup / Restore • Monitoring/Alerts • Security Testing • Log-on / Authentication / Authorization • Operations Testing • Run Books Simulation • SLA/SLO Confirmation • Compliance Readiness • Impacted Apps (e.g. CHSOPS) • Patching • Provisioning • Environment Refresh • Top 10 Service Catalog Items • Top 5 Troubleshooting Requests
  36. 36. Support Considerations Interlocking Support Organizations Ticket Flow CMDB
  37. 37. InfoSec Concerns Embedded Passwords (at rest) Password changes Personally Identifiable Information Encryption Federated Identity
  38. 38. Privacy Where’s my data? Who has access? Can I have access? Regional considerations Where are you? Where are your customers? Patriot Act
  39. 39. Compliance SAS70, SSAE16 - what is this? why it’s important, why it can be misleading
  40. 40. Summary For SaaS remember Product != Service For the cloud think Multi-vendor Use of ITIL, Agile and DevOps methods are pieces to the puzzle SaaS Customers expect more thank on premise
  41. 41. QUESTIONS?
  42. 42. References • Defense Information Systems Agency http://disa.mil • Above the Clouds: A Berkeley View of Cloud Computing • CA Technologies Corporate Overview Portions Copyright © 2011 CA. All rights reserved. • Guidelines on Security and Privacy in Public Cloud Computing (NIST Special Publication 800-144) http://www.nist.gov/manuscript-publication-search.cfm?pub_id=909494 • NIST Definition of Cloud Computing http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf • National Institute of Science and Technology. Retrieved 24 July 2011. "The NIST Definition of Cloud Computing". • Wikipedia “High Availability Calculations” http://en.wikipedia.org/wiki/High_availability • “Continuous Delivery” by Jez Humble http://continuousdelivery.com/ • http://www.businessweek.com/news/2011-12-15/white-house-seeks-to-spur-cloud-computing-use-by-agencies.html • “Continuous Delivery Patterns and Antipatterns in the Software Lifecycle” by Paul M. Duvall http://refcardz.com • Software as a Service: Strategic Backgrounder; SIIA 2001 • “DevOps is not a Technology Problem” by Damon Edwards http://dev2ops.org/blog/2010/11/7/devops-is-not-a- technology-problem-devops-is-a-business-prob.html
  43. 43. TERMINOLOGY  SaaS: Software as a service  PaaS: Platform as a service  IaaS: Infrastructure as a service  Cloud: Combination of IaaS, PaaS, and SaaS which is elastic, metered, elastic and has the illusion of infinite capacity.  FISMA: Federal Information Security Management Act  Hosting: a service that runs Internet servers such as an ISP  ISP: Internet service provider. A company that hosts web sites and provide virtual servers in a traditional hosting mode.  Single Tenant Apps: Traditional N tier enterprise application stack.  Multi Tenant Apps:  SLA: Service Level Agreement  TCO: Total Cost Of Ownership  SOA
  44. 44. TERMINOLOGY (CONT’D)  VPN: Virtual Private Network  SDLC: Software Development Life Cycle  CMDB: Configuration Management Database.  CRM: Customer Relationship Management  API: Application Programming Interface  ORT: Operational Readiness Testing  ITIL: Information Technology Infrastructure Library  IDM: Identity Management  ASP: Application Service Provider