1. Cloud Computing Dr. Joseph Williams Senior Director – Cloud Connect Strategies Microsoft Corporation josephwi@microsoft.com
2. Thank you for your time PHM up in Seattle has historically been associated more with Boeing than with Microsoft Software systems are incredibly complex and they operate in similarly complex ecosystems of Hardware, networks, security, and end-users We do pay attention to PHM
3. It is still the wild, wild west out there amongst the clouds… A whole lot of vendors, analysts, and evangelists making a whole lot of noise According to IDC, worldwide customers spent nearly $23 billion on public IT cloud services in 2010 Gartner was reporting 2010 spend of $68.3B, including private cloud
4. Why Enterprise Customers Embrace the Cloud Reduce CAPEX & OPEX Latest Versions with No Server Upgrades Predictable Subscriptions Choice, Flexibility, & Resource Agility Merger, Acquisition & Divestitures Focus on Market Differentiation Energy Efficiency Up and Running Quickly Plus CIOs are being told they aren’t “innovative” unless they are looking at the cloud.
5. Vision for a Cloud Enterprise Sales Collaboration For all employees Operations Accounting HR R&D Marketing
10. The Cloud is complex Each Service layer is every bit as complicated as in any large-scale data center Unlike in a traditional data center, each service layer may have its own service-level agreements (SLAs) Each cloud service layer may need to interoperate with services from other providers; those interactions, in turn may have their own SLAs Extremely difficult to architect and build for resiliency Security is its own dynamic problem
11. Customer Priorities For How they Select Cloud Providers IDC Microsoft Hoster Server Infrastructure End User Survey - Dec 2010
12. Cloud Services are customized combinations of services Infrastructure (as a Service) Platform (as a Service) Software (as a Service) (On Premises) Applications Applications Applications Applications You manage Data Data Data Data You manage Runtime Runtime Runtime Runtime Middleware Middleware Middleware Middleware Other Manages Youmanage O/S O/S O/S O/S Other Manages Virtualization Virtualization Virtualization Virtualization Other Manages Servers Servers Servers Servers Storage Storage Storage Storage Networking Networking Networking Networking
23. Relationship with host will be mostly routing trouble ticketsVisibility Boundary Visibility Boundary
24. Cloud Management Platform Phases Standard model for offering cloud services These models take a strong dependency on what kind of SLAs the service expects to offer
25. Where PHM fits in with Cloud Services How teams understand the status of their service reporting dashboards alerting prediction SLA measurement Collection and analysis of data that reflects real-time and historical performance of the service against key scenarios telemetry machine health instrumentation tracing alerting Unified Experience Customer Self-Service Easy to Use Proactive Focus Next Generation Platform Performance Enablement Stability
26. Some interesting learnings since last year A lot of enterprises don’t like the self-service model of the cloud and they are willing to pay for elevated support Dealing with regulatory compliance / certification is complicated by Legal interpretation Risk tolerance Procurement maturity Cloud interoperability is really, really hard Who controls the end-user experience? Who controls PHM elements? How to do trouble-shooting?
27. Regulatory and Jurisdictional Challenges for the Cloud are the same as always 10 years ago… Security and privacy top of mind Hacking, virus propagation, cyber-espionage and cyber-warfare on the rise Enforcement officials need tools & training Vehicles for cross-border collaboration inadequate Today… Security and privacy top of mind Hacking, virus propagation, cyber-espionage and cyber-warfare on the rise Enforcement officials need tools & training Vehicles for cross-border collaboration inadequate
28. Still Unresolved : Jurisdictional Tensions Where is the data? Tensions created by different countries asserting jurisdiction over data Tension between privacy rules requiring minimization of data retention obligations Law enforcement access Human rights concerns How much should the location of the data matter?
29. Data SovereigntyA Serious Problem Greenland Efficiencies and benefits of cloud computing are best achieved when data flows freely across borders Privacy laws that restrict such flows will continue to be an impediment European restrictions Canadian provincial rules Australia National Privacy Principle #9 Blackberry problems of 2010 Alaska Norway Finland Iceland Russia Ireland Sweden United States Canada Germany Belarus Great Britain Ireland Poland Ukraine Netherlands Kasachstan France Mongolia Romania Uzbekistan Kirgisistan Italy North Korea Spain Portugal USA Turkey Tadschikistan Japan Greece Syria Turkmenistan China South Korea Hong Kong Tunesia Libanon Iraq Afghanistan Iran Morocco Bhutan Israel Nepal Katar Algeria Libya Pakistan Bahamas SaudiArabia Westsahara Mexico V.A.E Taiwan Egypt Myanmar Cuba India Belize Laos Dom. Rep. Oman Mauretania Eritrea Bangladesh Niger Mali Vietnam Jamaica Tschad Honduras Guatemala Senegal Yemen Sudan Kambodscha Nikaragua Burkina El Salvador Guinea Philippines Venezuela Nigeria Thailand Z. R.Bangui Ethiopia Costa Rica Guyana Sierra Leone Kamerun Panama Suriname Columbia Somalia Malaisia Liberia Togo Uganda Fr. Guyana Ghana Gabun Ecuador Cote d‘Ivoire Kenia D. R.Congo Indonesia Congo Papua New Guinea Tansania Brazil Peru Angola Mozambique Zambia Bolivia Zimbabwe Namibia Singapore Madagascar Paraguay Botsuana Australia Swaziland South Africa Lesotho Chile Uruguay Argentinia New Zealand
30. The Big Battles in the Cloud Service descriptions do not rise to legal clarity Need for standardization Need for clear articulation (service catalog) OpEx is not always preferable to CapEx, contradicting one of the generally assumed benefits of Cloud Computing For many, CapEx is perceived as an easier and faster expense to justify, and OpEx is something they’re continually pushed to reduce.
33. Underutilization and undeployed software easier to manageEase and speed to deployment are benefits will arise from the Cloud Centralized Cloud IT will embrace collaboration and reduce complexity
34.
35. Cross providers Governments and Enterprises are very worried about this
38. Service providers need clarity to build the platform and infrastructure for the cloudTaxation will have caught up with the Cloud pretty soon How legal and regulators frameworks view ‘interoperability’ could change things
40. Appendix: Questions To Be Answered The next few slides contain questions that really need to be addressed Most enterprises will demand satisfying answers before deciding to move significant workloads to the cloud Ultimately there is no right or wrong answer, there is just an answer which reflects the enterprise and its requirements
41. Compliance and Risk Management What certifications does your provider possess? ISO 27001:2005 How often do they re-certify? Do you have access to the audit reports? Who conducts the audits? How seamless are the processes to move in to the cloud and back? How is the collaboration between the cloud provider and you with regards to essential processes like: Incident Response Forensic Analysis Risk Management Breach Notification Law Enforcement Enquiries?
42. Compliance and Risk Management How do you handle dispute resolution and liability issues? How can you ensure policy compliance? How can you prove that you follow your internal policies in the cloud as well? What is needed? What is needed to prove policy compliance towards any regulation you have to follow? What industry or government standards do you comply with? How is your infrastructure and processes audited and by whom? Do I have access to audit summaries? How are you able to monitor your risks all across your infrastructure? Are there clearly defined metrics for the cloud service to be monitored? How are eDiscovery and criminal compliance requests handled? Are the audit logs forensically and legally sound?
43. Identity and Access Control How can you integrate the provider’s identity metasystem with your identity management processes? Who owns your identity? Is there an in-person proofing for identities you will trust (if this is necessary from your risk assessment)? How can identities federate across different services and from your internal environment to the cloud? How do I federate with my partners, vendors, and other enterprises? Is the application writer responsible for access controls or is there a service to do that? How are the databases protected for access? Do the software API’s have cryptographic keys in use? Is all of your software signed?
44. Service Integrity How does your provider ensure the security of the written code? Have they implemented a Security Development Lifecycle? How do they do Threat Modeling? How do they test against their Threat Model? How is process consistency ensured? What is the hiring process for the personal doing administrative operations? Are they background checked? What levels of access do they have?
45. Service Integrity How is the software protected from corruption (malicious or accidental)? Is there a secure development and software integrity process enforced for all the code within the responsibility of the provider? Who does the cloud supplier use as their critical suppliers and transparency into how those relationships are managed for security and availability? What is the Security Update strategy of the cloud provider? How does the cloud provider manage vulnerabilities? Including incident response and triaging?
46. Other Integrity End-Point Integrity How is the client integrated into the trust relationship with the cloud (e.g. Cardspace)? Information Protection and Transaction Integrity Who owns your data? Can it be encrypted? Who has access to encryption keys? Where is the backup located and do you have an on-premise backup? How is the backup purged? Where is your data stored? What requirements do you have with regards to the physical location of your data?
47.
48. Firms won’t move mission-critical apps or highly sensitive data sets into the Cloud. They want them on-premise for control, performance, and security reasons.
49. Highly integrated applications (e.g., ones that touch multiple internal databases or systems) are impractical to move to the Cloud in isolation.
Why all the discussion around the cloud computing? What is so interesting?Here are the key areas we are hearing from customers. Managed costs From a financial perspective, you can manage costs as a capital expense or an operational expense depending on what works best for your business. The exciting things here are to be able to get started quickly without huge barriers in capital costs as well as having predictable and reduced costs. Greater resource agility The management burden of anticipating and building out excess capacity IT infrastructure decreases. The result—less management, maintenance and deployment time, with the additional benefit of greater scalability to more easily handle peaks in demand.Greater business agility From an IT management perspective, you can focus on solving business problems, and not on infrastructure issues. A cloud model enables you to respond to business demands more effectively, and help ensure employees have on-demand access to critical business information, customers, partners and each other, using any device, from anywhere. Quote on the right is Aviva it was actually 142 days for the One Aviva intranet.Smaller carbon footprint At the same time, using off-premises IT infrastructure has the additional value of decreasing your environmental impact through a reduction in the physical resources required to run on-premises systems. This ofcoure can tranlate into lower taxes and power and utility savings for corporations. Microsoft datacenters benefit from negotiated low power costs and we leverage cool climates and place our DCs next to rivers for hydro power to further reduce costs and carbon impact. We are seeing key industry analysts also highlighting the benefits and momentum around cloud services. Cloud Analyst QuotesForresterTop Left:It’s not the hype, but actual business results achieved by early cloud adopters fueling CIO interest, according to James Staten, principal analyst at Forrester Research. “Early adopters are finding serious benefits, meaning that cloud computing is real and warrants your scrutiny as a new set of platforms for business applications.” Top Right: Forrester analyst Ted Schadler said a financial services firm migrated its employee portal to a cloud-based vendor and launched it in two months, while another firm he surveyed has spent the last 18 months building its employee portal in-house. Source: eweek.comBottom: Gartner’s predictions for the last 2 years have made some huge statements around the pace businesses will move to cloud services as well as how there is huge momentum for businesses to select and move some IT assets out of their own datacenters. More Quotes:ForresterCase Study: GlaxoSmithKline is moving approximately 90,000 email users to Microsoft's Exchange Online, a cloud-delivered service. The result is that GSK is able to optimize its messaging and collaboration platform to meet the full range of its end users' requirementsSource: forrester.comGartner:Cloud Computing Will Be As Influential As E-business. Source: gartner.comGartner:Cloud computing revenue will soar faster than expected and will exceed $150 billion within five years, Gartner report predicts. Cloud-based business processes are the largest portion of the cloud services market, which includes advertising, e-commerce, human resources, and payments processing.Source: infoworld.comGartner:Gartner predicts that by 2012, 80 percent of Fortune 1000 enterprises will be paying for some cloud computing services, and 30 percent will be paying for cloud computing infrastructure services.Source: itnews.com.auIDC: One reason IT suppliers are sharpening their focus on the “cloud” model is its growth trajectory, which - at 27% CAGR - is over five times the growth rate of the traditional, on-premise IT delivery/consumption model. Source: blogs.idc.comIDC: Spending on IT cloud services will triple in the next 5 years, reaching $42 billion and capturing 25% of IT spending growth in 2012Source: blogs.idc.comMerrill Lynch: By 2011 the volume of cloud computing market opportunity would amount to $160bn, including $95bn in business and productivity apps (email, office, CRM, etc.) and $65bn in online advertising.Source: sys-con.com