Recently in Cloud SLA Category

CloudStorageStrategy.com welcomes OpSource CEO Treb Ryan for an in-depth interview on cloud computing, from the perspective of the service provider.

NOTE: OpSource is a customer of Mezeo Software, the underwriter of this blog.

What are the opportunities you see in the cloud computing space, both for OpSource and your customers, and what impact has the downturn had on this?

It's interesting, but when people talk about cloud computing, they immediately go to the downturn and pricing - and cost being the big driver.  There's no question that cloud computing is cost effective, and it's accelerating adoption many times over, but what we're really seeing is something much more fundamental - a generation of users who are entering the workforce who've been using cloud computing all along; they've grown up on the Internet, and their interface to technology has always been through the Internet. 

As a result, this "Cloud Generation" has clear expectations of how technology should work:

1) it should be immediately available,
2) you do a search and get going,
3) it should be very flexible,
4) you should have ubiquitous access - anytime, anywhere,
5) sharing and collaboration - the expectation to collaborate and share anything they are working on.

This is not a generation which distinguishes between work data and home data - like my generation did. They've grown up with the concept of APIs and communities that grow around them; for instance, we see programmers who have grown up with Google and Facebook APIs, and now they expect that kind of thing in their work applications as well. So they're coming into the workforce and driving change in the workplace. They see technologies like client-server applications or hard-coded storage arrays pretty much the same way my generation saw green screens, mainframes, and mini-computers - as dated, inflexible, technology - hard to use, without nearly the power of cloud-based systems. So they have the day-to-day experience of the "consumer cloud" which they're now driving into business applications as well. 

To the Cloud Generation of programmers this means anything they can interact with on the Cloud they can program to through APIs. The idea of infrastructure being an item that can be addressed as part of the application, instead of something the application lays on top of, is a radical concept.  It has allowed not only for innovative applications, but also for true elastic computing making the Cloud environment even more flexible.



Great Cloud offerings have great communities around them. This is the aspect of Cloud computing that is so often missed - and even scoffed at - by the IT folks who think it's all about virtualization. One of the biggest gripes about Cloud computing is that support is done by the Community and not the vendor. While most will agree that far more proactive vendor support is necessary for Cloud computing, Community support is just as critical. For questions of configuration and usage tricks, the Community is a far better source of information than some call center employee with limited access. Often the Community devises more innovative solutions than the vendor ever could. And in addition to support, the Community can create third-party add-ins that make the Cloud even more useful.

The downturn has accelerated adoption from the top down as well.

We're seeing executives who have become enamored with this idea of the cloud - because of the ability to turn capital expenditures into operational expenses - and are pushing cloud computing into their organizations.  The CEO of one of our customers went so far as to tell his technical people - "now can you finally start using the cloud so I can get the board off my back?"

So, for different reasons, we have both top-down and grass-roots support for cloud-based applications, which makes this very interesting to say the least.

Which customer segments do you see leading the way in adoption?

Obviously, our traditional focus has been on ISVs and start-ups coming into Software-as-a-Service, business applications in the cloud, and we're seeing continued adoption of cloud infrastructure by those segments, but what has been interesting is that now that we offer the ability for any company to buy and use cloud infrastructure for any type of application, we're seeing a much broader spread of usage and adoption. Beyond the enterprise we also see widespread adoption by systems integrators, consultants, and VARs - upto 40% of our customer base - all without us targeting that segment at all.

How does OpSource differentiate its cloud offerings from other service providers?

We offer the best of the public cloud, combined with enterpise security and compliance, performance guarantees, and enterprise controls.

For instance, we offer:

• easy online sign-up & purchase with infrastructure provisioning in minutes
• pay by the hour and only for what you use, with no commitment (or purchase a monthly plan for a discount)
• a rich online community to share and collaborate with peers; get third party add-ins, images and configurations
• a web interface plus complete set of APIs

On the straight cloud, we provide a lot of the more robust, enterprise tools than you see from more consumer-based providers like Amazon, for example.

We focus on three different areas:

1) Security and Compliance: we provide a much more secure environment, because Opsource provides every customer with a Virtual Private Cloud within the public Cloud, allowing them to determine their own degree of public Internet connectivity. We also provide:

• Unique customizable security for firewalls
• VPN administration of all servers
• Unique username/password for each administrator
• Audit logs of all environmental changes
• SAS 70 audited
• 100% uptime SLA

2) Performance: we offer a multi-tier architecture with guaranteed latency in-between systems, sub-millisecond access time, industry standard technology, like VMware, instead of open-source, because that's where enterprise is comfortable.  Our 24/7 suppot also makes a diffence.

3) Control: today's cloud environment are single user environments, one user name and password, which is fine for individuals, but not so useful for the enterprise. We offer the ability to provision multiple users, do things like cross departmental billing, execute policy based control - which user can do what - and finally link all that back though an API to your existing management systems. So you can control how your users use the cloud same as you do your corporate datacenter.

So do you see any links into these large companies where they need to use ITIL for systems management?

Absolutely. OpSource has always focused on compliance as a major issue for our SaaS customers, eveything from SAS 70, PCI to European Safe Harbor, and even industry-specific ones like HIPAA, or government-specific certification, but in the cloud, we think about sophisticated  management techniques like federated authority and single sign-ons, and things like ITIL - while it's still in its infancy, it's shocking that most providers don't even have the ability to give their customers the critical capability to have more than one person manage the cloud for them - because they have a single user accounts. So while you can institute more sophisticated IT governance regimes like ITIL with the OpSource cloud, we give IT the capability to manage who does what, and track who did what, even if they aren't ready for something like ITIL.

So IT gets to do their own provisioning?   
  
Yes. So you want to know who provisioned what, how much it costs, and we give them that visibility instantly across their entire user community.  That way there are no surprises or charges they aren't aware of. It sort of reminds me of the controls I had to put in to alert me to my daughter's texting costs - so I'm aware of the charges before they get out of hand! I just blogged about this issue.

That's why you say that OpSource is what Amazon wants to be when it grows up... 

Absolutely.

And that's how you respond to cloud critics - the ones that say that the Cloud is not yet ready for the enterprise.

There are large parts of the cloud that are not yet ready for the enterprise. The cloud is still young, and it would be like asking that first 286 PC to run all of your corporate financials. However, a lot of these issues around enterprise adoption like security and compliance have been addressed, and are being taken care of, so as the cloud becomes more robust, we'll see increased adoption. We're seeing enterprise-level capabilities come to market that did not even exist six months ago.

We have just signed a partnership agreement under which OpSource will resell Gomez's Web performance management solution to our enterprise customers as well as use it to validate and monitor our own cloud performance service level agreements (SLAs). Through this partnership, we'll bring powerful performance monitoring to cloud computing, making it easier and more compelling than ever for enterprises to justify bringing their applications to the cloud.

Do you see infrastructure elements like storage growing now?

For true, full use of the cloud, we have to have the ability to access storage, go though the APIs to get to it, and give our customers a range of storage solutions, including cloud storage based on the specific application or need. We're giving our customers the widest range of choices.

What about agile programming? I heard you use agile methods to improve the customer experience.

Agile programming methods have helped us with not only development, but compliance and security as well. We talk to our customers to see how they are using our cloud offerings though our community, and we learn what's important to them.

We also test our offerings by having two programmers work on the same keyboard - literally  - one with the user story - so they can make sure that the customer is getting the exact functionality they need.

It's agile customer service.

Can you tell us a bit about your enthusiasm for composite applications (corporate mashups) and how they help your platform?

Of all the phenomenon in the cloud, we see the need for anytime-anywhere access and the idea that anything I can interact with I should also be able to program to.  So when Facebook enthusiasts start working in the enteprise, they bring their enthusiasm for integration as well.

So we see things in the cloud like direct access to the infrastructure as part of the application, which allows for all sorts of flexibility and robust usage.

We see real-time reporting applications of every kind you can imagine.  I myself am addicted to checking on everything that's coming out of our billing and customer systems tied into our Salesforce tabs.  So I'm always checking on the business in real-time via my iPhone.

I say this a lot, but integrating SaaS is a huge issue for today's enterprise. OpSource Connect can help SaaS companies -- of any size -- overcome integration hurdles and break out of the SaaS-only box. This speeds up adoption of SaaS in larger enterprise environments, opening the door for on-demand companies to cultivate business with large systems integrators. Plus, I'd say we're the only company providing Web operations from the ground up, addressing operational infrastructure, application management, and business operations. Today, integrations are expensive and one-to-one. For instance, while you can currently integrate your application with Google Maps as a composite application, OpSource Connect lets you integrate your app with many others, using just one platform. You can integrate your application with, for example, SAP, salesforce.com, Intuit QuickBooks, NetSuite, and a host of other SaaS and legacy applications. 

Everything is much more dynamic today, and programmers expect that. 

A recent paper from Deloitte titled CFO Insights: Heading for the Clouds raises some very good points from the perspective of the CFO. It's worth a quick read.

In essence, the case is made that Cloud computing presents a significant opportunity because it allow companies to reduce the capital costs of information technology. It allows companies to convert the cost of computing from capital expenditures to primarily an operating expense. The author emphasizes that since the IT budget is often one of the largest expenses a company incurs, CFOs should ask their CIOs how they plan to leverage cloud computing to reduce costs and increase service responsiveness. In my view this is clearly a critical issue for CFOs looking to improve their financial results in a down economy.

Here are a few questions CFOs should ask:

• Is there a strategy to use cloud computing as part of the IT services mix? Companies need to take a "business service management" approach - only in reverse.  That is to say, they map out their "mission critical business processes" and leave them alone! Instead, they look to outsource non-critical IT tasks to cloud computing service providers who are better equipped to execute them, which frees up the internal IT organization to focus on business critical processes.

• What areas create the greatest opportunities for savings now? Today, cloud services for data storage and occasional high performance computing capabilities may be a good starting point. Clearly, data storage is one such area, especially storage of non-critical data - email, office aps, images, videos, etc.

• What applications will be migrated to the cloud? For small and medium-sized companies, enterprise applications such as customer relationship management (Salesforce) and accounting (Netsuite) are already moving to the cloud.

What about security, reliability, and lock-in?  These are the three issues most of us worry about with cloud deployments.  The article says that the level of computer security, data privacy practices and the expertise of major cloud service providers are likely to be greater than those provided by an in-house IT staff and systems.

And of course, you've got to check your service providers' SLAs, their backup and recovery policies. Here are SLAs from Amazon S3 and Softlayer, for example.

Bottom line? CFOs must embrace the Cloud if they are looking to improve performance.

We've discussed ITIL and Cloud Computing and the role of trust as a differentiator for service providers. Yes, we see the evidence that IT Hosting companies and managed service providers are closer to their customers and we see that their differentiation is their commitment to serving the customer.

But Amazon, Google, and Microsoft aren't going away. As they pressure customers to make the switch to the cloud, traditional service providers must find new ways to compete. Step one, of course, is providing alternatives - cloud services, like storage for example.  Step two is to highlight their customer commitment - the relationships they already have and defend this "advantage" by becoming even more responsive. 

So how do you build trust? According to Stephen Covey Jr. trust is built through behavior. His work has identified 13 behaviors which build trust:

1. Talk Straight
2. Demonstrate Respect
3. Create Transparency
4. Right Wrongs
5. Show Loyalty
6. Deliver Results
7. Get Better
8. Confront Reality
9. Clarify Expectations
10. Practice Accountability
11. Listen First
12. Keep Commitments
13. Extend Trust

But how do these behaviors translate to a cloud service delivery model? 

To answer this question, I dug up an old model for assessing service quality - SERVQUAL -  which was introduced to the world of service and retail back in 1988 (those were the days before ITIL).  SERVQUAL has its share of detractors, but even recent research reminds us that it is still a useful model.  In particular, I'm interested in how it can be used to help service providers improve and extend their intangible advantages over the more impersonal big shops.

Over the years, the SERVQUAL instrument has been a popular methodology used to measure consumers' perceptions of service quality. Its five generic dimensions or factors are still valid:

(1) Tangibles: physical facilities, equipment and appearance of personnel.
(2) Reliability: the ability to perform the promised service dependably and accurately.
(3) Responsiveness: willingness to help customers and provide prompt service.
(4) Assurance: includes competence, courtesy, credibility and security; the knowledge and courtesy of employees and their ability to inspire trust and confidence.
(5) Empathy: includes access, communication, understanding the customer; caring and
individualized attention that the firm provides to its customers.

None of these dimensions will change in the cloud, with the exception that some of these dimensions are now virtual and must be proven online (customer support, for example) or through superior automation of work processes.

Let's also analyze the SERVQUAL "gap model," as it was called, and see how it applies to service delivery in the cloud:

Let's look at the meaning of each "gap" - the possible breakdown areas in service delivery:

Gap 1: Customers' expectations versus management perceptions: caused by the lack of a marketing research orientation, inadequate upward communication and too many layers of management.

Gap 2: Management perceptions versus service specifications: caused by an inadequate commitment to service quality, a perception of unfeasibility, inadequate task standardization and an absence of goal setting.

Gap 3: Service specifications versus service delivery: caused by role ambiguity and conflict, poor employee-job fit and poor technology-job fit, inappropriate supervisory control systems, lack of perceived control and lack of teamwork.

Gap 4: Service delivery versus external communication: caused by inadequate horizontal communications and propensity to over-promise.

Gap 5: The discrepancy between customer expectations and their perceptions of the service delivered: caused by the influences exerted from the customer side and the shortfalls (gaps) on the part of the service provider. In this case, customer expectations are influenced by the extent of personal needs, word of mouth recommendation and past service experiences.

Gap 6: The discrepancy between customer expectations and employees' perceptions: caused by the differences in the understanding of customer expectations by front-line service providers.

Gap 7: The discrepancy between employee's perceptions and management perceptions: caused by the differences in the understanding of customer expectations between managers and service providers.

Three of these gaps are directly connected external customers: Gap 1, Gap 5 and Gap 6.  Service providers will find their optimal "trust-building" opportunities here.  Apply Covey's 13 behaviors to each one of these gaps to build on your commitment to your customers.

Amazon, Google, and Microsoft aren't building a high-touch responsive model for their cloud services. But you, the service-provider, already have a high-touch relationship. Your cloud-based SLAs must reflect this advantage. The security issue is just a small part of this reality.

Service providers who dedicate themselves to closing the gaps will succeed in this new world.

The quest for quality service didn't start yesterday. I highly recommend that service providers give Delivering quality service: balancing customer perceptions and expectations by Valarie A. Zeithaml, A. Parasuraman, Leonard L. Berry, a second look.

Articles and blog posts associated with security and cloud computing are a daily occurrence, unless some well-publicized breach occurs in the cloud.  At that point the number of commentaries and discussions will increase exponentially, and then, over the following week, return to normal frequency.  I decided to focus on security as it relates to cloud storage, to see if something really new and different is occurring, and if overall changes need to be contemplated, as it comes to classic data security activities.  When I focused in this way, I quickly discovered that not much has changed, and security of data in the cloud is highly dependent on the same precautions and understandings as security of your data in a private data center.

In this recent article, it was suggested that files of one owner residing on a physical device with the files of others could somehow result in unauthorized access. It could, and the answer to this and a myriad of concerns fits within traditional approaches and understandings of security.   For example, Mezeo encrypts all files prior to storage.  So, even if you somehow got access to another's file, it would do you no good.  My point is that the cloud introduces a few additional complications, but it is not a problem that the current level of speculation seems to portray it as.  An extension to typical security practices, diligence, effective execution and audit of your current practices is what is required.

With this underlying theme, we look at how best we can ensure the security of the data in the cloud. Let's look at five areas that you should consider in regards to storing data in the cloud.

1. Physical Security: First, understand some things about the data center that is hosting the cloud where your data is stored:

• Is the data center physically secure? 
  
• What about it's ability to withstand power outages? 
  
• For how long? 
  
• Are there multiple, independent (on different grids) electrical power paths? 
  
• How are communications facilities enabled and where does the fiber enter the facility?
  
• How many communications providers have a POP (point of presence) at the facility? 
  
• How is the data center certified (SAS 70 Type II)?  

World class data centers are expensive, and they are also well understood.  What is the tier rating of the data center? (Tier IV is best). Make sure you do business with a cloud storage service provider who makes use of such facilities.

2. Data encryption: Encryption is a key technology for data security.  Understand data in motion and data at rest encryption.  Remember, security can range from simple (easy to manage, low cost and quite frankly, not very secure) all the way to highly secure (very complex, expensive to manage, and quite limiting in terms of access).  You and the provider of your Cloud Storage solution have many decisions and options to consider.  For example, do the Web services APIs that you use to access the cloud, either programmatically, or with clients written to those APIs, provide SSL encryption for access, this is generally considered to be a standard.  Once the object arrives at the cloud, it is decrypted, and stored.  Is there an option to encrypt it prior to storing?  Do you want to worry about encryption before you upload the file for cloud storage or do you prefer that the cloud storage service  automatically do it for you? These are options, understand your cloud storage solution and make your decisions based on desired levels of security.

3. Access Controls: Authentication and identity management is more important than ever.  And, it is not really all that different.  What level of enforcement of password strength and change frequency does the service provider invoke? What is the recovery methodology for password and account name?  How are passwords delivered to users upon a change?  What about logs and the ability to audit access?  This is not all that different from how you secure your internal systems and data, and it works the same way, if you use strong passwords, changed frequently, with typical IT security processes, you will protect that element of access.

4. Service Level Agreements (SLA): What kind of service commitment is your provider willing to offer you? Are they going to be up 99.9% of the time or 99.99% of the time? And how does that difference impact your ability to conduct your business? What is the backup strategy that your cloud provider uses, and does it include alternative site replication?  Do they use one at all, or is backup something you have to provide for?  Is there any SLA associated with backup, archive, or preservation of data.  If your account becomes inactive (say you don't pay your bill), do they keep your data?  For how long?  Once again, realize that there are different services, with different features, at different costs, and you get what you pay for.

5. Trusted Service Provider: The trusted service provider is a critical link.  Unlike your in-house IT department, you are now putting your trust in a 3rd party.  You must feel confident that they will do what they say they will do.  Can they demonstrate that the safeguards they claim are indeed delivered?  What is their record?  Do you have a successful business relationship with them already, and if not, do you know of others who do?  Remember, are they in business to serve business, or is it simply another service that they offer, focused first on cost per gigabyte, versus service and support.  This is where many IT service providers have made their living, providing world class service and support, along with effective, efficient, low cost infrastructure.

So what has really changed? More than anything it is a heightened awareness of the need for security.  Security is delivered on a sliding scale, and the result you achieve is based on well understood principles.

Of equal interest are the legal implications associated with hosting your data at service providers.  You can extend the notion of security to access by various government entities, depending on where your data is hosted.  While the focus of this post has been associated with preventing unauthorized access, this is yet another consideration associated with where your data is stored. 

Sure, cloud storage requires that you add some additional and/or different considerations to your evaluation and monitoring process, like understanding your service provider versus your own IT department.  The IT Service Providers know and understand the importance of this. Most will step up and ensure that they deliver excellent service to you and become your long term Trusted Partners. Those that don't will fall by the wayside.

The phrase “razor sharp focus” is a tired cliché in our field, but you have to hand it to Google. They have just announced a “two-click data migration tool which allows employees to easily copy existing data from Exchange or Outlook into Google Apps.”

By building a tool to make this migration a “point-and-click” experience, they are hastening the defection rate for businesses looking for an alternative to Microsoft’s office suite. What’s more, three service providers - NuVox, Netfirms and IKANO - have already begun offering this tool to their customer base.

Google Apps Sync, as the migration tool is called, has already been put to use at enterprises like Genentech and Avago. Here’s some compelling Google propaganda:

It’s a case-study in business model disruption. The cost? One-sixth the price of Microsoft.

Of course we’re still in the “early days” and the jury is still out. Microsoft will surely counter with Azure, but you can see why Ray Ozzie is worried.

For Google, on the other hand, the state of cloud computing is promising. They claim around 1.75 million companies are running Google Apps. The enterprise, as Gray noted earlier, is ready for Cloud Computing. And why is this?  We’ve mentioned the economics before, but here is Google’s take on the benefits of Cloud Computing.

One of the interesting side effects of the rapid adoption of Cloud Computing by the enterprise is the impact this adoption will have on the design and delivery of IT service processes.

In his article Assessing cloud providers, Frank Ohlhorst reminds us that "moving to the cloud is primarily a business decision" dependent on the metrics of ROI (Return On Investment), performance, sustainability and suitability to task.

Managers, writes Ohlhorst, must be prepared to do the following:

- audit the target applications and business processes impacted to create a cost-benefit-risk analysis that compares a traditional client/server solution to a cloud-based solution.
- audit the cloud services provider, including an assessment of geographic redundancy, packet transport performance, latency and service guarantees.
- audit the business's own ISPs, including performance at connecting points, failover capabilities and guaranteed throughput rates to and from the cloud services provider.
- monitor and frequently evaluate service and performance elements.

Thus, Ohlhorst tells us, "one of the first steps for choosing a cloud service provider is to evaluate the level of service offered and the guarantees behind that service." His view is that the Service Level Agreements (SLAs) must be scrutinized under three specific lenses: data protection, continuity and costs.

While this is a traditional IT view, and seems quite logical, we disagree with his suggestion that IT Managers can turn to the Keynote Internet Testing Environment (KITE) and Internet Health Report to measure performance.

Why? Because these are uptime measures, not measures of service performance.

If you're familiar with ITIL V.3, you'll recognize this service model overview:



In the ITIL world, service management can be broken into the following components:

- Service Strategy
- Service Design
- Service Transition
- Service Operation
- Continual Service Improvement

Traditional IT systems management thinking leads us to associate systems availability with service availability, so that if a network component is running normally, we assume that the services running across that network component are also running normally.

This is largely the view being taken by the traditional systems management companies. It is what we are seeing in announcements like this one from BMC Software and Amazon.com.

But the cloud service model is different, and - while it's great to see BMC extending its enterprise systems management platforms to incorporate Cloud infrastructure - Cloud computing brings about a different measure for service performance, best exemplified by a new breed of cloud computing management vendors like Nimsoft. Their view is as follows:

The "pay-as-you-go" nature of cloud computing breaks the link between component and service performance: typically, organizations pay for capacity or throughput, rather than specific components. Plus, the highly dynamic nature of the computing infrastructure that exists in the cloud makes traditional CMDB (or simple list) based systems management virtually impossible to implement. All the traditional server and network reporting that shows 99.999 up-time will become secondary and probably irrelevant for future service level management and reporting. What this means is that synthetic transaction monitoring--that is, generating, monitoring, and reporting on simulated service requests--will be of paramount importance.

This perspective puts an interesting twist on ITIL's IT Service Management model. Since there is no way to predict which cloud computing infrastructure components are accessible at any point in time, service delivery processes in the enterprise - and SLAs from cloud computing service providers - need to be all about service reliability rather than component reliability.  This is a paradigm shift. 

As we have written previously, cloud computing is unleashing the potential of SOA (Service Oriented Architecture) applications.  In a world of SOA applications running on Cloud infrastructure, the concepts of IT service delivery in the enterprise and SLAs from service providers will rest upon services and processes that can run on any infrastructure components within the cloud.  The notion of using discrete infrastructure components as the basis for measuring service quality goes away.  This is the philosophy of the new breed of cloud systems management providers: the focus of availability and performance measurement moves toward measuring the user experience.

And, as this transition comes about, what happens to CMDB-based systems management? How do we think about the CMDB when the management of these infrastructure parts is abstracted even further away from application peformance?  Does anyone see a new "cloud edition" of ITIL service delivery on the horizon?

Once again, there is an opportunity here for service providers to seize the initiative.

Recently, The Planet published a white paper comparing Cloud Storage performance as offered by The Planet (which uses Nirvanix), Amazon S3 and Rackspace CloudFiles.  It did a nice job of creating a performance-oriented benchmark, comparing Cloud Storage file upload and download time for the three services.  While it is necessary to understand this factor associated with Cloud Storage, it is far from sufficient and much more is needed, if one wants to begin assembling metrics and from these make business and technology decisions.

While this does paint The Planet's offering in a very positive light, one has to question the pertinence of the actual test. (Knowing how our offering would have performed in the specific test, as the CEO of Mezeo, I am a bit disappointed that we were not included in the test) Of course, at the end of the day we have to remember that this is after all a test conducted by one of the vendors who also somehow turned out to be the winner. A third party validation of the results would certainly be more credible. To that end we are assembling a slate of comparisons and seeking third party verifications, and hope to publish these results in late summer. 

A notable omission in the test was the comparison of the price per GB of the storage. Based upon published prices, The Planet offering is significantly more expensive than the others. 

This  introduces the idea of price performance, and that is very applicable, since many Cloud Storage use cases do not contemplate that the accessing server is housed in the same data center as the Cloud Storage solution it is accessing.   When access via the Internet is contemplated, the specific speeds of upload and download as revealed in the aforementioned test may be less pertinent, whereas price or other features may be the major differentiator of note.

How about the following metrics:
 

• availability: a fact based measurement
• reliability: based on the SLA offering 
• ease of Web Services API access: length and complexity of required API usage against a defined set of standard actions
• access methods: WebDAV, NFS, CIFS
• security
• feature/function richness and differentiation: sharing and collaboration, available clients, tagging, geo capabilities
• utility billing: true pay for use and on what time frames and at what minimums, and ultimate scalability (how much storage is immediately available). 
  

All or any of these may be highly pertinent to a Cloud Storage decision. 

And finally, how about running the test enough times so that the results are reliable and meaningful? Running the test for a total of four times and concluding that Amazon S3 has a 90+% variance is a bit of a stretch.

Please do not take this blog post as being too critical; I am grateful that The Planet is signaling a degree of market maturity as real, meaningful discussion of Cloud Storage attributes are brought to the marketplace.  The Planet is to be congratulated for elevating the discussion.  Now all Cloud Storage service providers, and infrastructure providers who enable storage cloud offerings, need to begin the hard work of defining the metrics, and publishing the results.

It is very interesting that we are still working out the definition of Cloud Storage and now we are faced with benchmarking competing service offerings.  The Cloud Storage marketplace is growing rapidly, and all of us are engaged in bringing this new capability to market. 

Thanks for reading this post, and stand by, more on this topic coming soon. 

The last few days have seen a lot of discussion over the McKinsey & Company report: Clearing the Air on Cloud Computing.   McKinsey said the cost of the Cloud is high when compared to a large enterprises ability to implement similar services in house.   They may, currently, be correct, but over time, this will likely be a differentiation that will erode.  Enterprises will need the Cloud, as new applications become Cloud dependent.  We have seen, for the first time, services move down the infrastructure stack.  For example, tagging, sharing and collaboration will become requirements for Cloud Storage.

McKinsey rightly stated that Public Cloud is the domain of the small and medium business.  What I have observed is that every year, larger companies join this view.  We now say it this way:  SMB and mid tier enterprise will turn to the Cloud.  Mid tier will continue to include larger and larger companies.

Also, each Enterprise is different, and in different financial circumstances.  Their existing IT infrastructure may be out of date, and require a very capital intensive retrofit to achieve the same economies as public cloud.  To the extent an Enterprise does not want to put it's capital to work in IT, in house computing will be a less popular option, regardless of opex costs.  The McKinsey view seemed very cost focused, and cost is driving Cloud consideration in the enterprise.

The key issue was raised, but did not receive in depth consideration!

Public Cloud providers must, I repeat, must build out mission critical service delivery capability, with security, management and SLAs that deliver the credibility and service level an enterprise will require to move their in house applications to the Cloud.  Its that simple, and that is the issue.  IT service providers get this, and will deliver it within their clouds.  Simple to say, a bit harder to do.  But, it will happen.

UPDATE
- Tim Bray lets McKinsey have it >>
- Amazon's James Hamilton has an insightful post here >>

The trust issue will not go away.

In a bit of a publicity stunt, the Electronic Privacy Information Center asked the Federal Trade Commission to investigate Google's Cloud Computing Services, specifically concerning:

a. the adequacy of Google's privacy and security safeguards regarding storage of personal information on its Cloud Computing Services; and
b. the sufficiency of Google's privacy and security safeguards in light of the company's assurances to consumers regarding its Cloud Computing Services.

The official document filed with the F.T.C. states:

This complaint concerns privacy and security risks associated with the provision of "Cloud Computing Services" by Google, Inc. to American consumers, businesses, and federal agencies of the United States government. Recent reports indicate that Google does not adequately safeguard the confidential information that it obtains. Given the previous opinions of the Federal Trade Commission regarding the obligation of service providers to ensure security, EPIC hereby petitions the Federal Trade Commission to open an investigation into Google's Cloud Computing Services, to determine the adequacy of the privacy and security safeguards, to assess the representations made by the firm regarding these services, to determine whether the firm has engaged in unfair and/or deceptive trade practices, and to take any such measures as are necessary, including to enjoin Google from offering such services until safeguards are verifiably established. Such action by the Commission is necessary to ensure the safety and security of information submitted to Google by American consumers, American businesses, and American federal agencies.

P.R. stunts aside, where do we go from here?

Clearly, encryption, effective data anonymization, and mobile location privacy are "must-haves" in the cloud.  Hosting providers who deal with this issue will keep their customers' trust. And as I mentioned earlier, part of being a trusted service provider includes a commitment to how you will serve the customer, and positioning your business for success in your offerings.  It means a robust offering, with appropriate availability, backup, and of course, security.

Coming on the heels of the Cisco-BMC announcement, the news of an IBM/Sun merger and the simultaneous announcement of Sun’s Open Cloud Platform are not mutually exclusive events.  They’re all part of the ongoing race to capture the Enterprise Cloud. The elephants are dancing.  

The announcement continues the pattern of rapid marketplace adoption of Cloud Computing in general and that includes Web services API based storage access that began with Amazon and continued with Rackspace.  This space is really heating up.  More and more players are stepping up to challenge Amazon.

This tells us that IT hosting providers are running to get in the cloud storage and cloud computing game sooner rather than later. Having come from that space, I can tell you that this issue is top of mind in the hosting space. Amazon, Google, Microsoft and now Sun want to be the cloud for every customer. 

The hosting industry is ideally positioned to deliver cloud computing and cloud storage solutions to their existing and future customers.  Cloud Computing (see previous post on Cisco and BMC) is a service offering for which both hardware and software technology is rapidly developing.  Management tools are also coming online from many vendors.  The ability for the IT hosting industry to effectively compete will quickly be enabled by a new market segment, “Cloud Infrastructure Providers”.  When you combine the availability of solutions with the effective service oriented relationships that IT hosters have enjoyed with their customers, a significant opportunity is emerging.

The first act in Cloud Computing is underway.  Another character has entered the stage and received a round of applause.  They lend additional credence, and a call for more standardization, and less vendor lock in.  The key to the cloud will be ease of use, reliability, security, and of course, cost. 

With so much negative news on business and our economy, I find that Cloud Computing, and its new technologies and opportunities are very exciting.  This is how it has always felt in our industry, which we can change for the better, innovate like no one else, and create significant businesses and new opportunities.

Let’s dig a little deeper into the real story here: Sun’s open source vision and stated commitment to interoperability and its extension into Cloud Computing:

Ideally, users of cloud computing would be able to move their applications among a variety of standardized providers who offer open-source interfaces to common services. Today, most clouds are proprietary, and even where the components offered are open source, cloud operators cultivate significant lock-in through their underlying services, such as storage and databases.

Jonathan Schwartz explains on his blog:

This morning, Dave Douglas, the SVP of our Cloud Computing business, announced we’re building the Sun Cloud, atop open source platforms - from ZFS and Crossbow, to MySQL and Glassfish. With more than 4,000 developers hard at work on these enabling elements, and a twenty year history of network scale software innovation, we’re very comfortable with our technology lead. By building on open source, we’re also able to radically reduce our costs by avoiding proprietary storage and networking products.

Second, we announced the API’s and file formats for Sun’s Cloud will all be open, delivered under a Creative Commons License. That means developers can freely stitch our and their cloud services into mass market products, without fear of lock-in or litigation from the emerging proprietary cloud vendors.

Third, unlike our peers, we also announced our cloud will be available for deployment behind corporate firewalls - that we’ll commercialize our public cloud by instantiating it in private datacenters for those customers who can’t, due to regulation, security or business constraints, use a public cloud. We recognize that workloads subject to fiduciary duty or regulatory scrutiny won’t move to public clouds - if you can’t move to the cloud, we’ll move the cloud to you.

So where does IBM come in? 

If you read about Schwartz’s three strategic imperatives, you learn they are as follows:

1. Technology Adoption
2. Commercial Innovation
3. Efficiently Connecting 1. and 2.

Notice too, that Schwartz is brutally honest about Sun’s challenges with imperative #3:

With Sun’s current products, we could be selling to twice the number of customers we currently serve - our products appeal to an audience far greater than our customer base. But we’re limited by our size - our sales and partner force has a tenth the resources of our biggest peers.

So let’s review, Sun’s doing well on 1. and 2. with widespread adoption of “free” products like MySQL and Open Solaris, but lacks the sales and service firepower to execute on 3..

Did anyone say “IBM Global Services”?

And now, with the Cloud being touted as the future of IT, we see why a merger between IBM and Sun becomes a value creating proposition for both concerns.  Sun becomes the “low-cost” open-source provider, while IBM gets to feed its highly profitable (and nowadays hungry) professional services division.

Which leaves Microsoft’s Azure out in the cold. Small wonder that Bill Gates used to say that IBM, not Google, was Microsoft’s real competitor.

On a more technical level, the rationale behind this merger can be seen more clearly if you take a look at Troy Angrignon’s wonderful Cloud Computing Ecosystem Map v1.0. Scroll down and zoom into the map; the merger seems to make more sense at this level. When you combine IBM and Sun, the resulting “tessellation” of competencies is very impressive.

For more on this story, take a look at these columns by James Urquhart, Reuven Cohen, and Matt Asay.

As an end note, I’d like to state that this merger does not mean the race is over.

Far from it.

What we’re seeing is a new strategy developing across the IT industry. Hosting  companies, MSPs, and SaaS providers will still have to provide clouds of their own to compete against Amazon, Microsoft and Google. There has always been room for a number of providers for hardware, software and services, competing on price, value, and support. No one player need dominate the cloud computing space. Choice and competition always drives value and innovation.

And that’s where we’d like to help.