Cloud Hype2 The cloud is cheaperThe cloud business model is growing at anunparalleled pace without any limit in sightIn the future everything will be on the cloud. can we find evidence to support, or refute, suchclaims?

Crossing the Chasm3 Insight from Geoff Moore

How does the revenue picture look?4 One-time purchases

How does the revenue picture look?5 “Recurring” revenue

A thought question6 Who pays for a “free” app? Somegames have advertising but many apps don’t So what’s the interest in having the app? Even more extreme: Who pays for LinkedIn? Hugenumber of users so it must cost a lot to run Yet no advertising and the site is free

. and the answer is?7 LinkedIn exists to either be acquired, or toeventually change its revenue model using ads Inthe eventual profit case, the company would besustained by venture capital in the interim period Then an IPO lets the company cash in on its “value” But what does “value” ultimately mean if thecompany sells a product that doesn’t really createrevenue at all?

These aren’t the only models8 What about a revenue-generating application Why might it ever live on the cloud?Imagine that doctors pay “MedRecords4Us” asubscription feeWould it make sense for the company to migratetheir application to a cloud?

Managing DemandForecast demandIT CapacityPotentialbusiness lossCompute capacityOver capacityUnder capacityEntry barrierWastedcapacityTime

Coping with Demand BurstsIT DemandOuch! How do we deal with this?Ticket sales openTicket sales openConcert ticket web siteTime

IT Agility How quickly can you Scaleup the infrastructure and applications? Upgrade to the latest OS? Respond to a company merger with new requirementsfor business process and IT capacity? Respond to a divestiture

Cloud Computing Shared, multi-tenant environmentPools of computing resourcesResources can be requested as requiredAvailable via the Internet Private clouds can be available via private WANPay as you go

Technologies and monetization13 Fundamentally, a technology must be profitable tosurvive. Bettertechnologies often fail The technology everyone buys wins. Then eventually itmight acquire features from the losing solutions Moreover, the income story needs to “scale”

Two more examples. Who wins?14 Company A has an amazing technology but youneed to be an expert to use it. Sothey hire and train experts of their own When you buy their package they do the work for you Company B has a less amazing technology but itjust installs itself and works Noneed to hire experts Just buy as many user accounts as you need

Theil (Stanford)15 In addition to incorrectly assuming that bettertechnology wins over inferior technology, people oftenconfuse competition with competitive successAggressive competition often drives pricing down Much better to be the owner of a unique niche: soleprovider of such-and-such a must-have application You can charge higher prices (although not too high or competitorsmove in aggressively). So profit margins will be sharply higher You become a must-be-there platform for advertising aimed atyour class of clients, bringing you revenue In effect: the best position to be in is to create your ownniche and operate it as a mini-monopoly!

Key insight16 Company A will eventually be limited by the number ofexperts it can actually hire & trainSo after a period of growth it will stall The revenue stream peaks and this chokes investment in theevolution of the product Ultimately, company A will either fail or at least reach somesort of saturation point Company B sees no end in sight and the money pours inThis allows B to invest to improve its technology Eventually it will catch up with A on features

Applied to cloud computing?17 We need to ask which stage of the cloud we’vereached! Butone complication: it isn’t just “one” cloud The cloud is a “sum” of multiple business stories/models Early business of the cloud was the initial Internetboom (it gave us and similar web sites) Onlya few survived, like, Expedia Winning wasn’t easy for them or much fun!

Waves of the cloud revolution18 Early web browser stage Searchand advertising (Google) Social Networking (Facebook, Twitter) Cloud as your “home”: AOL, Yahoo!, MSN, Google Emergence of true web services model Infrastructureas a service (“rent a VM”) Apps (Apple) Frames, full cross-site federation Full-featured scripting languages (Javascript, Caja,Silverlight, Adobe Flash.) What next?

Each has its own revenue model!19 For each style of web solution need to ask whatmonetizes that model!Google and Facebook make their money on advertising Microsoft combines technology license revenue withadvertising, but earns much more on technology Apple earns money on every App Amazon sells stuff but also runs massive data centers reallywell, and rents space on those Infosys does rote tasks incredibly well and incrediblycheaply (because most of their employees earn 6,500/yr) Following the money is the key to understanding whatdirections each will follow

So the cloud is a sum of stories20 Many of these revenue stories “superimposed”


Inescapable Conclusion?22 Some of today’s cloud computing stories willprobably fail as business modelsWallstreet may not realize this, yet!

The terms have many meanings!23 Everyone talks about cloud computing but there isvery little consensus on what cloud computing means We’vestudied it all semester now But the cloud brings together a lot of technologies thateach do very different things Best definition so far is basically: Astyle of computing that makes extensive use of networkaccess to remote data and remote data centers, presentedthrough web standards. But this is so general it says almost nothing!

What is a Cloud Platform?Some defining characteristics It lets developers create and run apps, store data, andmoreIt provides self-service access to a pool of computingresourcesIt allows granular, elastic allocation of resourcesIt allows charging only for the resources an applicationuses

Public Clouds and Private CloudsTypical definitions Public cloud: A cloud platform run by a service providermade available to many end-user organizationsPrivate cloud: A cloud platform run solely for a singleend-user organization, such as a bank or retailer The technology can be much like public clouds, but theeconomics are differentMost organizations will probably use some hybrid ofboth

Cloud Platform Technologies The most important today: ComputingInfrastructure as a Service (IaaS) Platform as a Service (PaaS) StorageRelational storage Scale-out storage Blobs There are many more Messaging, identity, caching,

ComputingInfrastructure as a Service (IaaS) Developers create virtual machines (VMs) on demand They have full access to these VMsStrengths: Cancontrol and configure environment Familiar technologies Limited code lock-in Weaknesses: Mustcontrol and configure environment Requires administrative skills to use

ComputingPlatform as a Service (PaaS) Developers provide an application, which the platformruns They don’t work directly with VMsStrengths:Provides higher-level services than IaaS Requires essentially no administrative skills Weaknesses:Allows less control of the environment Can be harder to move existing software

ComputingWhat’s the most popular approach? IaaS is more widely used today than PaaS Gartnerestimates that public IaaS revenues aresignificantly greater than public PaaS revenues today Perspective: IaaSis easier to adopt than PaaS IaaS Overemulates your existing world in the cloudtime, PaaS is likely to dominate PaaSshould have an overall lower cost than IaaS It’s typically a better choice for new applications

StorageRelational Traditional relational storage in the cloud With support for SQLStrengths: Familiartechnologies Many available tools, e.g., for reporting Limited data lock-in Can be cheaper than on-premises relational storage Weaknesses: Scalingto handle very large data is challenging

StorageScale-out Massively scalable storage in the cloud No support for SQLStrengths: Scalingto handle very large data is straightforward Can be cheaper than relational storage Weaknesses: Unfamiliartechnologies Few available tools Significant data lock-in

StorageBlobs Storage for Binary Large OBjects in the cloud Such as video, back-ups, etc.Strengths: Globallyaccessible way to store and access large data Can be cheaper than on-premises storage Weaknesses: Providesonly simple unstructured storage


Cloud PlatformsRepresentative technologies and lesforceKeyCloudPlatformServiceCloud PlatformSoftware

Cloud Service or Cloud Software? Cloud platform service Ahardware/software combination Typically provided by organizations that run Internetscale services, e.g., Microsoft, Amazon, and Google They write their own softwareCloud platform software Provided Hosters Theby software vendors and open source projectscan use this software to offer a public cloud servicesame software can also be used in private clouds

Applying Public Cloud Platforms (1)Some characteristics of typical applications Apps that need high reliability Example: Apps that need massive scale Example: A Web 2.0 applicationApps with variable load Example: A SaaS applicationAn on-line ticketing applicationApps that do parallel processing Example:A financial modeling application

Applying Public Cloud Platforms (2)Some characteristics of typical applications Apps with a short or unpredictable lifetime Example: Apps that must fail fast or scale fast Example: An app created for a marketing campaignStart-upsApps that don’t fit well in an organization’s datacenter Example:A business unit that wishes to avoid its ITdepartment Apps that can benefit from external storage Example:An application that archives data


From Server Virtualization to Private Clouds IaaS allows allocating, managing, and charging forVMs in a more effective wayThis idea first appeared in a public cloud platform Ifit makes sense there, why not use it in your own datacenter? Private clouds provide IaaS in your data center Althoughservicesthey can also offer more application-oriented

MicrosoftPrivate and public cloud platform Hyper-VCloudIaaSFor areAmazonGoogleKeyCloud PlatformServiceSalesforceCloud PlatformSoftware

VMwarePrivate and public cloud platform reIaaSIaaSHyper-VCloudFor Hosters:Hyper-VCloudvCloudFor gleKeyCloud PlatformServiceSalesforceCloud PlatformSoftware

Windows Azure PlatformPublic cloud For reTablesWindowsAzureBlobsvCloudFor Hosters:vCloudAmazonGoogleKeyCloud PlatformServiceSalesforceCloud PlatformSoftware

Windows Azure PlatformPricing examples (in US dollars) Compute: 0.05/hour to 0.96/hour for eachinstance (depending on instance size)Storage: Blobsand tables: Data: 0.15/GB per month Access: 0.01/10,000 operations Relational: 9.99/GB per monthBandwidth: Inbound:Free Outbound: 0.15/GB

VMware Cloud FoundryPublic cloud platform For reTablesWindowsAzureBlobsvCloudFor orageAmazonGoogleKeyCloud PlatformServiceSalesforceCloud PlatformSoftware

VMware Cloud FoundryEssentials Cloud Foundry is an open source PaaS platform Led by VMwareDesigned to support diverse technologies: Frameworks:Spring, Rails, etc. Storage: MySQL, MongoDB, etc. Not yet available as a service VMwareprovides a public dev/test service Partners will provide commercial public platforms

Amazon Web ServicesPublic cloud Hyper-VCloudFor reTablesWindowsAzure BlobsvCloudFor orageElasticComputeCloud )SimpleDBSimpleStorageService (S3)KeyCloud PlatformServiceSalesforceCloud PlatformSoftware

A Broader View of IaaS/PaasAn aside More than cloud compute can be viewed through theIaaS/PaaS lensExample: Cloud options for relational storage Runa database server in an AWS EC2 VM AnIaaS storage service Usea managed database server with AWS RDS Use a managed database service with SQL Azure APaaS storage service

Amazon Web ServicesPricing examples Compute: 0.02/hour to 3.68/hour for each VM(depending on size and OS)Storage (blobs): Data: 0.14/GB per month to 0.037/GB per month(depending on data size and redundancy) Access: 0.01/1,000 PUT, COPY, POST, LIST operations, 0.01/10,000 GET operations Bandwidth: Free inbound, 0.12/GB to 0.05/GBout (depending on volume)

EucalyptusPrivate cloud ForHosters:Hyper-VCloudFor ce(RDS)SimpleDBSimpleStorageService(S3)KeyCloud PlatformServiceSalesforceCloud PlatformSoftware

The Commoditization of IaaSAn aside Public IaaS compute service is widely availabletodayProviders include: GoGridCloud Hosting Terremark vCloud Express IBM SmartCloud Enterprise Rackspace Cloud Servers Aleader in creating OpenStack, open source IaaSprivate/public cloud platform software

Google App EnginePublic cloud Hyper-VCloudFor reTablesWindowsAzure BlobsvCloudFor orageEucalyptusElasticComputeCloud rvice(RDS)SimpleDBSimpleStorageService (S3)DatastoreBlobstoreKeyCloud PlatformServiceSalesforceCloud PlatformSoftware

Google App EnginePricing examples (today) Compute: 0.10/CPU hourStorage: Datastore: 0.15/GB per month Blobstore: 0.15/GB per month Bandwidth: 0.10/GB in, 0.12/GB out App Engine also allows some free usage every day Otherplatforms have a free tier as well Force.comPublic cloud Hyper-VCloudFor reTablesWindowsAzure BlobsvCloudFor orageEucalyptusElasticComputeCloud rvice(RDS)SimpleDBSimpleStorageService (S3)DatastoreBlobstoreKeyCloud omCloud PlatformSoftware Force.comPricing examples One (small) application is freeEnterprise Edition: 50/user per month Compute:up to 10 applications Storage: up to 200 database objects Bandwidth: No extra charge Unlimited Edition: 75/user per month Compute:unlimited applications Storage: up to 2,000 database objects Bandwidth: No extra charge

Challenges to Adoption55

Challenges to Adoption (continued)Ownership DimensionAreaUnderstanding of the ceSpecific ChallengePrivate CloudPublic CloudAgreement on DefinitionLowMediumConfusion on What ProvidedHighHighMulti‐Tenancy ConcernsLow to NAMediumUnrealistic Vendor ClaimsMediumHighCIO Role ChangesLowLowCloud Lock‐InLow to NAHighArchitecture ImmaturityHighHighManageabilityHighHighVM Memory LimitsLowLowWAN PerformanceLowMediumPotential Loss of ControlLowMediumProvisioningMediumMediumLicensing ediumService Provider MotivationLowHighProvider SLAsLowHighAdequate Threat ModelsMediumHighWorkable Cross‐Domain SecurityLowMediumData‐at‐Rest SecurityLowHighAuditabilityMediumHighAccepted Accreditation ProcessesMediumHighAccepted Compliance ProcessesMediumPhysical LocationLow to NA56HighMedium

Challenges to Adoption (continued) Ownership DimensionAreaSpecificChallengeUnderstandingof theParadigmUnderstanding of the ParadigmAgreement on DefinitionPrivate CloudLowPublic CloudMediumDefinition: Lack of Confusionagreementover whatHighexactly constitutes“cloudon What ProvidedHighMulti‐Tenancy ConcernsLow to NAMediumcomputing”Unrealistic Vendor ClaimsMediumHigh Confusion: Over whatbenefitscloudcomputingwillprovide,and theCIO Role ChangesLowLowtrade-offsCloud Lock‐InLow to NAHighImplementation/OperationsArchitecture ImmaturityHighHigh Multi-Tenancy:ManageabilityHighHigh How comfortable VMis Memoryan enterprisein storingenvironment sharedLimitsLow its data in anLowWAN PerformanceLowMediumwith other customers?Potential Loss of ControlLowMediumWhat is the risk ediumHow does this differfromthe mainframe Mediumera?LicensingModelswhat we did inMediumHighHighOutrageous onfidenceLowMediumService ProviderMotivationHighHinder understandingof cloudcomputingLowSLAsLowHigh What exactly areProviderwe buying?Security/ComplianceAdequate Threat ModelsMediumHigh To what is the vendorcommitting(especiallyWorkableCross‐Domain SecurityLow true for a hostingMedium vendor)? Data‐at‐Rest SecurityLowHighAuditabilityMediumHighAccepted Accreditation ProcessesMediumHighAccepted Compliance ProcessesMediumHighPhysical LocationLow to NA57Medium

Challenges to Adoption (continued) Understanding of the Paradigm (continued) Rolechanges: The CIO (or equivalent) may need toevolve to a general contractor in many areas. Lock-In: Howdifficult would it be to move large volumes of data to adifferent cloud (cloud provider)? This is both a procedural and a technical issue (format,bandwidth)58

Challenges to Adoption (continued)Ownership DimensionArea Specific ChallengeUnderstanding of the andParadigmOperationsAgreement on DefinitionImplementation Architecture:Private CloudPublic CloudLowMediumConfusion on What ProvidedHighHighMulti‐Tenancy ConcernsLow to NAMediumThere is much disagreementoverVendorthe necessaryelementsfor a cloud technicalUnrealisticClaimsMediumHigh architecture, and theelements are not mature. CIO Role ChangesLowLowCloudapproachLock‐InLow to NA yet culture forHigh In addition, SOA is the bestfor interface to clouds,SOA success is immatureImplementation/OperationsHighHighand poorly understood. Architecture ImmaturityManageabilityHighHigh There is much discussion over common cloud APIs, but none exist VM Memory Limits Manageability: from the userperspective:WAN Performance LowLowLowMediumPotentialLoss seemof ControlLow metrics for applicationsMediumExisting management toolsdo notto be able to trackthat may resideProvisioningMediumMediumon a varying number of different systems (not a problem where solution is a single VM)Licensing ModelsMediumMediumHow does asset management change in the cloud?GovernanceHighHighDistributed Management ConfidenceTask Force (DMTF) has Provider MotivationLowHighProvider SLAsHigh a requisite designMemory limits within VM technology:VMs, which areLowapproaching beingSecurity/ComplianceAdequate Threat ModelsMediumHighelement, can address less memory than the physical OS. The latest product releasesWorkable Cross‐Domain SecurityLowMediumlargely obviate this limitation.LowHighData‐at‐Rest SecurityWAN performance: ManyAuditabilitygeographies still are limitedMediumin their backboneHigh capacity.Accepted Accreditation ProcessesMediumHighAccepted Compliance ProcessesMediumHighPhysical LocationLow to NA59Medium

Challenges to Adoption (continued) Implementation and Operations (continued)Loss of control: Will business elements of the enterprisebypass the enterprise’s IT organization? Governance: In which deployment models and use-cases does this play?Is governance antithetical to the concept of cloud?Will lack of governance aggravate problems already associatedwith lack of SOA governance?Provisioning: For SaaS, how will applications andapplication components be provisioned? Licensing: Vendors have been slow to develop appropriatemodels. Confidence: As to reliability, scalability, and security in publicclouds (economics will also drive cloud vendors to minimizecosts) 60

Challenges to Adoption (continued) Implementation and Operations (continued) Motivationfor the Provider: Ideally,providers keep just ahead of demand May provide motivation for providers to federate and sellcapacity to each other as do utility companies. Are therelessons from the power utility companies? Aggravates manageability problem Is the capacity really there for surge levels? Will anothertenant’s surge impede your ability to do the same? Service-LevelAgreements: There have been effectivelyno substantive guarantees from public cloud providers.61

Challenges to Adoption (continued) Security and Compliance Ownership DimensionAreaSpecific ChallengePrivate CloudPublic CloudUnderstanding of the ParadigmAgreement on DefinitionLowMediumCloud Lock‐InLow to NAHighArchitecture ImmaturityHighHighAccepted Accreditation ProcessesMediumHighAccepted Compliance ProcessesMediumHighPhysical LocationLow to NAConfusion onnewWhat ProvidedHighHighThreat Models: Whatmodels arisein the cloud?Have weMulti‐Tenancy ConcernsLow to NAMediumfurther aggravatedissuesalreadypresentwithinSOA and withUnrealistic Vendor ClaimsMediumHighstandard computingvulnerabilities?CIO s Dynamic virtualManageabilitymachines – How much controlto the user?HighHighVM MemoryLimitsLowmeasures are needed):Low Resource isolation(appropriateisolationWAN PerformanceLowMedium VM-to-VMattacksPotential Loss of ControlLowMedium Data leakageProvisioningMediumMedium Weakened perimeter– Firewall ports enablinguser accessLicensing ModelsMediumMediumare aHighHighvulnerability GovernanceConfidenceMedium Patch and securitycontrol managementLow– Becomes the user’sresponsibility;Service Provider MotivationLowHighaggravated by VM dynamismProvider SLAsLowHigh Hybrid usage –Consistency of control; Mediumensuring the userHighunderstands whereSecurity/ComplianceAdequate Threat Modelstheir data residesWorkable Cross‐Domain SecurityLowMedium Administrative Data‐at‐Restaccess Securityacross networks –LowA vulnerability alsoinconsistent withHighAuditabilityMediumHighsome security policies 62Medium

Challenges to Adoption (continued) Security and Compliance (continued) Cross-Domain Security: How does an organization extend or federate itsauthentication and authorization mechanisms into the cloud?Data-at-Rest Security: What encryption and segregation mechanisms areprovided?Auditability: Can access to the data be audited? Are data storage formats even amenable to auditing (more of an issue forchunking types of storage that lose the concept of a file)?Forensics, as applications are not linked to physical infrastructure and the number of physicalassets in play may varyAccreditation in the Cloud: How can you tell a cloud is “secure”?Is there governing policy and procedures to accredit a cloud?What processes and controls must be in place? (Pre-accredited clouds mayactually simplify this process)63

Challenges to Adoption (continued) Security and Compliance (continued) Compliance: May preclude cloud paradigm in some cases due to: Physical Location: Physical chain of custody requirementsRegulatory requirementsDo you know what country your cloud resides in?Would you know if it changed?What compliance requirements change?Is there governing law that recognizes the paradigm?Conclusions: There are many challenges to adoption of the cloud paradigmPublic clouds and private clouds have different sets of challenges,with some overlap64

The last word65Joni Mitchell summed it up best:I've looked at clouds from both sides nowFrom up and down, and still somehowIt's cloud illusions I recall.I really don't know clouds at all The cloud is a very complex marketplace and evolvingrapidly. Economics are the key But nobody really understands cloud economics There are many barriers to entry

Cloud as your “home”: AOL, Yahoo!, MSN, Google . Computing Storage Hyper-V Cloud Private Public Amazo n Microsof t Google Salesfor ce VMware For Hosters: vCloud vCloud Blobs Key Cloud Platform Service Cloud Platform Software For Hosters: Hyper-V Cloud. Windows Azure Platform Public cloud platform