IEEE PHM Cloud Computing


Published on

June 21 Keynote address to IEEE PHM Conference

  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Why all the discussion around the cloud computing? What is so interesting?Here are the key areas we are hearing from customers. Managed costs From a financial perspective, you can manage costs as a capital expense or an operational expense depending on what works best for your business. The exciting things here are to be able to get started quickly without huge barriers in capital costs as well as having predictable and reduced costs. Greater resource agility The management burden of anticipating and building out excess capacity IT infrastructure decreases. The result—less management, maintenance and deployment time, with the additional benefit of greater scalability to more easily handle peaks in demand.Greater business agility From an IT management perspective, you can focus on solving business problems, and not on infrastructure issues. A cloud model enables you to respond to business demands more effectively, and help ensure employees have on-demand access to critical business information, customers, partners and each other, using any device, from anywhere. Quote on the right is Aviva it was actually 142 days for the One Aviva intranet.Smaller carbon footprint At the same time, using off-premises IT infrastructure has the additional value of decreasing your environmental impact through a reduction in the physical resources required to run on-premises systems. This ofcoure can tranlate into lower taxes and power and utility savings for corporations. Microsoft datacenters benefit from negotiated low power costs and we leverage cool climates and place our DCs next to rivers for hydro power to further reduce costs and carbon impact. We are seeing key industry analysts also highlighting the benefits and momentum around cloud services. Cloud Analyst QuotesForresterTop Left:It’s not the hype, but actual business results achieved by early cloud adopters fueling CIO interest, according to James Staten, principal analyst at Forrester Research. “Early adopters are finding serious benefits, meaning that cloud computing is real and warrants your scrutiny as a new set of platforms for business applications.” Top Right: Forrester analyst Ted Schadler said a financial services firm migrated its employee portal to a cloud-based vendor and launched it in two months, while another firm he surveyed has spent the last 18 months building its employee portal in-house. Source: eweek.comBottom: Gartner’s predictions for the last 2 years have made some huge statements around the pace businesses will move to cloud services as well as how there is huge momentum for businesses to select and move some IT assets out of their own datacenters. More Quotes:ForresterCase Study: GlaxoSmithKline is moving approximately 90,000 email users to Microsoft's Exchange Online, a cloud-delivered service. The result is that GSK is able to optimize its messaging and collaboration platform to meet the full range of its end users' requirementsSource: forrester.comGartner:Cloud Computing Will Be As Influential As E-business. Source: gartner.comGartner:Cloud computing revenue will soar faster than expected and will exceed $150 billion within five years, Gartner report predicts. Cloud-based business processes are the largest portion of the cloud services market, which includes advertising, e-commerce, human resources, and payments processing.Source: infoworld.comGartner:Gartner predicts that by 2012, 80 percent of Fortune 1000 enterprises will be paying for some cloud computing services, and 30 percent will be paying for cloud computing infrastructure services.Source: One reason IT suppliers are sharpening their focus on the “cloud” model is its growth trajectory, which - at 27% CAGR - is over five times the growth rate of the traditional, on-premise IT delivery/consumption model. Source: blogs.idc.comIDC: Spending on IT cloud services will triple in the next 5 years, reaching $42 billion and capturing 25% of IT spending growth in 2012Source: blogs.idc.comMerrill Lynch: By 2011 the volume of cloud computing market opportunity would amount to $160bn, including $95bn in business and productivity apps (email, office, CRM, etc.) and $65bn in online advertising.Source:
  • No changes.
  • IEEE PHM Cloud Computing

    1. 1. Cloud Computing<br />Dr. Joseph Williams<br />Senior Director – Cloud Connect Strategies<br />Microsoft Corporation<br /><br />
    2. 2. Thank you for your time<br />PHM up in Seattle has historically been associated more with Boeing than with Microsoft<br />Software systems are incredibly complex and they operate in similarly complex ecosystems of Hardware, networks, security, and end-users<br />We do pay attention to PHM<br />
    3. 3. It is still the wild, wild west out there amongst the clouds…<br />A whole lot of vendors, analysts, and evangelists making a whole lot of noise<br />According to IDC, worldwide customers spent nearly $23 billion on public IT cloud services in 2010<br />Gartner was reporting 2010 spend of $68.3B, including private cloud<br />
    4. 4. Why Enterprise Customers Embrace the Cloud<br />Reduce CAPEX & OPEX<br />Latest Versions with No Server Upgrades<br />Predictable Subscriptions<br />Choice, Flexibility, & Resource Agility <br />Merger, Acquisition & Divestitures<br />Focus on Market Differentiation<br />Energy Efficiency<br />Up and Running Quickly<br />Plus CIOs are being told <br />they aren’t “innovative” <br />unless they are looking at<br />the cloud. <br />
    5. 5. Vision for a Cloud Enterprise<br />Sales<br />Collaboration<br />For all employees<br />Operations<br />Accounting<br />HR<br />R&D<br />Marketing<br />
    6. 6. It is all very seductive<br />And mystifying<br />
    7. 7. But the Cloud isn’t easy<br />“Cloud” has already disaggregated into <br /><ul><li>Service offerings
    8. 8. Technical platforms
    9. 9. Economic models</li></li></ul><li> The Cloud is a Battleground<br />The Battle In<br />THE CLOUD<br />The Battle for<br />CONSUMERS<br />The Battle In The <br />DATA CENTER<br />
    10. 10. The Cloud is complex<br />Each Service layer is every bit as <br />complicated as in any large-scale data center<br />Unlike in a traditional data center, each <br />service layer may have its own service-level <br />agreements (SLAs)<br />Each cloud service layer may need to <br />interoperate with services from other <br />providers; those interactions, in turn<br />may have their own SLAs<br />Extremely difficult to architect and build <br />for resiliency<br />Security is its own dynamic problem<br />
    11. 11. Customer Priorities For How they Select Cloud Providers<br />IDC Microsoft Hoster Server Infrastructure End User Survey - Dec 2010<br />
    12. 12. Cloud Services are customized combinations of services<br />Infrastructure<br />(as a Service)<br />Platform<br />(as a Service)<br />Software<br />(as a Service)<br />(On Premises)<br />Applications<br />Applications<br />Applications<br />Applications<br />You manage<br />Data<br />Data<br />Data<br />Data<br />You manage<br />Runtime<br />Runtime<br />Runtime<br />Runtime<br />Middleware<br />Middleware<br />Middleware<br />Middleware<br />Other Manages<br />Youmanage<br />O/S<br />O/S<br />O/S<br />O/S<br />Other Manages<br />Virtualization<br />Virtualization<br />Virtualization<br />Virtualization<br />Other Manages<br />Servers<br />Servers<br />Servers<br />Servers<br />Storage<br />Storage<br />Storage<br />Storage<br />Networking<br />Networking<br />Networking<br />Networking<br />
    13. 13. IT Pro shifts in management responsibility: Whose cloud is it?<br />On-premise IT department<br />Cloud service provider<br />Where things could get “interesting”<br />High<br />Low<br />Low<br />High<br />IaaS<br />SaaS<br />PaaS<br /><ul><li>IT has most control over Infrastructure
    14. 14. Theoretically, IT Org duties won’t change significantly
    15. 15. Initially, increased work responsibilities for architects
    16. 16. Monitoring processes will change with greater reliance on host (for security, resource allocation, connectivity, performance, etc.)
    17. 17. IT Pro has increased responsibility in terms of maintenance, monitoring, and troubleshooting
    18. 18. Troubleshooting is more complicated, support workflow more complicated
    19. 19. A top pain point
    20. 20. Monitoring processes may change with greater reliance on host
    21. 21. IT Pro has least control over this environment
    22. 22. Lightest touch troubleshooting and support
    23. 23. Relationship with host will be mostly routing trouble tickets</li></ul>Visibility Boundary<br />Visibility Boundary<br />
    24. 24. Cloud Management Platform Phases<br />Standard model for offering cloud services<br />These models take a strong dependency on what kind of SLAs the service expects to offer<br />
    25. 25. Where PHM fits in with Cloud Services<br />How teams understand the status of their service <br />reporting <br />dashboards <br />alerting<br />prediction<br />SLA measurement <br />Collection and analysis of data that reflects real-time and historical performance of the service against key scenarios<br />telemetry <br />machine health <br />instrumentation <br />tracing<br />alerting<br />Unified Experience<br />Customer Self-Service<br />Easy to Use<br />Proactive Focus<br />Next Generation Platform<br />Performance<br />Enablement<br />Stability<br />
    26. 26. Some interesting learnings since last year<br />A lot of enterprises don’t like the self-service model of the cloud and they are willing to pay for elevated support<br />Dealing with regulatory compliance / certification is complicated by<br />Legal interpretation<br />Risk tolerance<br />Procurement maturity<br />Cloud interoperability is really, really hard<br />Who controls the end-user experience?<br />Who controls PHM elements?<br />How to do trouble-shooting?<br />
    27. 27. Regulatory and Jurisdictional Challenges for the Cloud are the same as always<br />10 years ago…<br />Security and privacy top of mind<br />Hacking, virus propagation, cyber-espionage and cyber-warfare on the rise<br />Enforcement officials need tools & training<br />Vehicles for cross-border collaboration inadequate<br />Today…<br />Security and privacy top of mind<br />Hacking, virus propagation, cyber-espionage and cyber-warfare on the rise<br />Enforcement officials need tools & training<br />Vehicles for cross-border collaboration inadequate<br />
    28. 28. Still Unresolved : Jurisdictional Tensions<br />Where is the data?<br />Tensions created by different countries asserting jurisdiction over data<br />Tension between privacy rules requiring minimization of data retention obligations<br />Law enforcement access<br />Human rights concerns<br />How much should the location of the data matter?<br />
    29. 29. Data SovereigntyA Serious Problem<br />Greenland<br />Efficiencies and benefits of cloud computing are best achieved when data flows freely across borders<br />Privacy laws that restrict such flows will continue to be an impediment <br />European restrictions<br />Canadian provincial rules<br />Australia National Privacy Principle #9<br />Blackberry problems of 2010<br />Alaska<br />Norway<br />Finland<br />Iceland<br />Russia<br />Ireland<br />Sweden<br />United States<br />Canada<br />Germany<br />Belarus<br />Great <br />Britain <br />Ireland<br />Poland<br />Ukraine<br />Netherlands<br />Kasachstan<br />France<br />Mongolia<br />Romania<br />Uzbekistan <br />Kirgisistan <br />Italy<br />North Korea<br />Spain<br />Portugal<br />USA<br />Turkey<br />Tadschikistan<br />Japan<br />Greece<br />Syria<br />Turkmenistan<br />China<br />South Korea<br />Hong Kong<br />Tunesia<br />Libanon<br />Iraq<br />Afghanistan<br />Iran<br />Morocco<br />Bhutan<br />Israel<br />Nepal<br />Katar<br />Algeria<br />Libya<br />Pakistan<br />Bahamas<br />SaudiArabia<br />Westsahara<br />Mexico<br />V.A.E<br />Taiwan<br />Egypt<br />Myanmar<br />Cuba<br />India<br />Belize<br />Laos<br />Dom. Rep.<br />Oman<br />Mauretania<br />Eritrea<br />Bangladesh <br />Niger<br />Mali<br />Vietnam<br />Jamaica<br />Tschad<br />Honduras<br />Guatemala<br />Senegal<br />Yemen<br />Sudan<br />Kambodscha<br />Nikaragua<br />Burkina<br />El Salvador<br />Guinea<br />Philippines<br />Venezuela<br />Nigeria<br />Thailand<br />Z. R.Bangui <br />Ethiopia <br />Costa Rica<br />Guyana<br />Sierra Leone<br />Kamerun <br />Panama<br />Suriname<br />Columbia<br />Somalia<br />Malaisia<br />Liberia<br />Togo<br />Uganda<br />Fr. Guyana<br />Ghana<br />Gabun<br />Ecuador<br />Cote d‘Ivoire<br />Kenia<br />D. R.Congo <br />Indonesia<br />Congo<br />Papua New Guinea<br />Tansania<br />Brazil<br />Peru<br />Angola<br />Mozambique<br />Zambia<br />Bolivia<br />Zimbabwe <br />Namibia<br />Singapore<br />Madagascar<br />Paraguay<br />Botsuana<br />Australia<br />Swaziland<br />South Africa<br />Lesotho<br />Chile<br />Uruguay<br />Argentinia<br />New Zealand<br />
    30. 30. The Big Battles in the Cloud<br />Service descriptions do not rise to legal clarity<br />Need for standardization<br />Need for clear articulation (service catalog)<br />OpEx is not always preferable to CapEx, contradicting one of the generally assumed benefits of Cloud Computing<br />For many, CapEx is perceived as an easier and faster expense to justify, and OpEx is something they’re continually pushed to reduce.<br />
    31. 31. Final Thoughts – The Good News<br />Workforce mobility, supporting branch locations, and granting partners access to enterprise resources are becoming real<br />Conceptually there are significant Cloud benefits, including flexibility, resiliency (i.e., failover / DR), reduced internal management burden, faster provisioning, pay-as-you go, and anywhere access.<br />Licensing complexity will eventually be reduced:<br /><ul><li>Subscription easier than perpetual
    32. 32. Compliance is much simpler
    33. 33. Underutilization and undeployed software easier to manage</li></ul>Ease and speed to deployment are benefits will arise from the Cloud<br />Centralized Cloud IT will embrace collaboration and reduce complexity<br />
    34. 34. Final Thoughts – Some Grim News<br />Internet has enjoyed ‘light touch’ regulation – That will end soon<br />Data is becoming ‘stateless’:<br /><ul><li>Cross platforms
    35. 35. Cross providers Governments and Enterprises are very worried about this
    36. 36. Cross borders</li></ul>“Best of Breed” Clouds stiil need to integrate:<br /><ul><li>Developers need certainty to build globally relevant applications
    37. 37. Customers need confidence that their data is protected
    38. 38. Service providers need clarity to build the platform and infrastructure for the cloud</li></ul>Taxation will have caught up with the Cloud pretty soon<br />How legal and regulators frameworks view ‘interoperability’ could change things<br />
    39. 39. Questions?<br />
    40. 40. Appendix: Questions To Be Answered<br />The next few slides contain questions that really need to be addressed<br />Most enterprises will demand satisfying answers before deciding to move significant workloads to the cloud<br />Ultimately there is no right or wrong answer, there is just an answer which reflects the enterprise and its requirements<br />
    41. 41. Compliance and Risk Management<br />What certifications does your provider possess?<br />ISO 27001:2005<br />How often do they re-certify?<br />Do you have access to the audit reports?<br />Who conducts the audits?<br />How seamless are the processes to move in to the cloud and back?<br />How is the collaboration between the cloud provider and you with regards to essential processes like:<br />Incident Response<br />Forensic Analysis<br />Risk Management<br />Breach Notification<br />Law Enforcement Enquiries?<br />
    42. 42. Compliance and Risk Management<br />How do you handle dispute resolution and liability issues?<br />How can you ensure policy compliance?<br />How can you prove that you follow your internal policies in the cloud as well? What is needed?<br />What is needed to prove policy compliance towards any regulation you have to follow?<br />What industry or government standards do you comply with?<br />How is your infrastructure and processes audited and by whom? Do I have access to audit summaries?<br />How are you able to monitor your risks all across your infrastructure?<br />Are there clearly defined metrics for the cloud service to be monitored?<br />How are eDiscovery and criminal compliance requests handled?<br />Are the audit logs forensically and legally sound?<br />
    43. 43. Identity and Access Control<br />How can you integrate the provider’s identity metasystem with your identity management processes?<br />Who owns your identity?<br />Is there an in-person proofing for identities you will trust (if this is necessary from your risk assessment)?<br />How can identities federate across different services and from your internal environment to the cloud?<br />How do I federate with my partners, vendors, and other enterprises?<br />Is the application writer responsible for access controls or is there a service to do that?<br />How are the databases protected for access?<br />Do the software API’s have cryptographic keys in use?<br />Is all of your software signed?<br />
    44. 44. Service Integrity<br />How does your provider ensure the security of the written code?<br />Have they implemented a Security Development Lifecycle?<br />How do they do Threat Modeling?<br />How do they test against their Threat Model?<br />How is process consistency ensured?<br />What is the hiring process for the personal doing administrative operations?<br />Are they background checked?<br />What levels of access do they have?<br />
    45. 45. Service Integrity<br />How is the software protected from corruption (malicious or accidental)?<br />Is there a secure development and software integrity process enforced for all the code within the responsibility of the provider?<br />Who does the cloud supplier use as their critical suppliers and transparency into how those relationships are managed for security and availability?<br />What is the Security Update strategy of the cloud provider?<br />How does the cloud provider manage vulnerabilities? Including incident response and triaging?<br />
    46. 46. Other Integrity<br />End-Point Integrity<br />How is the client integrated into the trust relationship with the cloud (e.g. Cardspace)?<br />Information Protection and Transaction Integrity<br />Who owns your data?<br />Can it be encrypted?<br />Who has access to encryption keys?<br />Where is the backup located and do you have an on-premise backup? How is the backup purged?<br />Where is your data stored? What requirements do you have with regards to the physical location of your data?<br />
    47. 47. Key Findings – Cloud Migration of Applications<br /><ul><li>The sensitivity of app data has significant influence in determining which workloads/ apps IT departments would even be willing to consider moving to the Cloud.
    48. 48. Firms won’t move mission-critical apps or highly sensitive data sets into the Cloud. They want them on-premise for control, performance, and security reasons.
    49. 49. Highly integrated applications (e.g., ones that touch multiple internal databases or systems) are impractical to move to the Cloud in isolation.
    50. 50. Firms are generally not willing to re-write their legacy apps for the Cloud. The rare exception was if a positive ROI could be proven at the outset. </li></ul>Most Likely Candidates for Cloud<br /><ul><li>Packaged apps (SaaS)
    51. 51. Less mission-critical apps
    52. 52. New and/or smaller LOB apps
    53. 53. Infrequently used apps
    54. 54. Apps built on Web standards</li></ul>Least Likely Candidates for Cloud<br /><ul><li>Mission critical apps
    55. 55. Running highly sensitive data
    56. 56. Legacy apps/systems
    57. 57. Custom or specialized apps
    58. 58. Highly integrated apps</li></li></ul><li>Thank you!<br />© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.<br />The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.<br />