Part 3: Economics of Cloud Computing

Part 3: Economics of Cloud Computing

“Overview … Review of Service Models … SWOT Analysis and Value Proposition … General Cloud Computing Risks … Risks 2: Performance, Network Dependence, Reliability, Outages, and Safety Critical Processing … Risks 3: Compliance and Information Security … Value and Risk of Open Source Software … Cloud Computing Cost Analysis … Selecting an IaaS Provider
Cloud Standards and Intercloud Interoperability … Recommendations for Successful Cloud Migration”
(Source URL)

Summaries

  • Part 3: Economics of Cloud Computing > Overview > Video
  • Part 3: Economics of Cloud Computing > Review of Service Models > Video
  • Part 3: Economics of Cloud Computing > SWOT Analysis and Value Proposition > Video
  • Part 3: Economics of Cloud Computing > General Cloud Computing Risks > Video
  • Part 3: Economics of Cloud Computing > Risks 2: Performance, Network Dependence, Reliability, Outages, and Safety Critical Processing > Video
  • Part 3: Economics of Cloud Computing > Risks 3: Compliance and Information Security > Video
  • Part 3: Economics of Cloud Computing > Value and Risk of Open Source Software > Video
  • Part 3: Economics of Cloud Computing > Cloud Computing Cost Analysis > Video
  • Part 3: Economics of Cloud Computing > Selecting an IaaS Provider > Video
  • Part 3: Economics of Cloud Computing > Cloud Standards and Intercloud Interoperability > Video
  • Part 3: Economics of Cloud Computing > Recommendations for Successful Cloud Migration > Video
  • Part 3: Economics of Cloud Computing > Summary of Part 3 > Video

Part 3: Economics of Cloud Computing > Overview > Video

  • The decision making process incorporates a comprehensive identification of risks and opportunities presented by cloud adoption.
  • Next, we briefly look at two IEEE led cloud standards initiatives that will increase the interoperability potential of cloud based systems and help reduce the risks and decrease the costs of cloud computing.

Part 3: Economics of Cloud Computing > Review of Service Models > Video

  • Middleware, provided by such technology as Java virtual machines, provide the abstraction layer in the platform as a service or PaaS service model, where typical consumers are application developers.
  • Finally the infrastructure as a service or IaaS service model provides an abstraction for hardware and software infrastructure by virtualizing such resources as processing and storage.
  • IT administrators are the likely consumers for IaaS services and some current popular providers of such services are shown in the cloud in the lower left of the diagram.

Part 3: Economics of Cloud Computing > SWOT Analysis and Value Proposition > Video

  • Weakness are identified here as computing performance latency due to network communications overhead; low reliability; and limitations in customizability and configurability.
  • Finally threats exist in data confidentiality; integrity and availability; interoperability limitations; and various legal and financial risks.
  • Or, if an organization wishes to retain internal control of an application because of proprietary concerns, then even SaaS may not be appropriate.
  • In order to make the forgoing discussion as general as possible, value propositions can be interpreted either as strengths or opportunities and risks can be interpreted as either weaknesses or threats depending on the organization, application and environment in question.
  • End users who directly use software applications, whether on their own or on behalf of their organization.
  • Software application administrators who configure an application for end users.
  • In software as a service consumers get the right to use specific applications on demand, and application data management, such as backup and data sharing between consumers.
  • Usage fees are typically, based on the number of users, the time in use, per-execution, per- record-processed, network bandwidth consumed, and quantity/duration of data stored.
  • Typical consumers for platform as a service offerings are: Application developers, who design and implement an application’s software.
  • Application testers, who run applications in various testing environments.
  • Application deployers, who publish completed or updated applications into the cloud, and manage possible conflicts arising from multiple versions of an application.
  • Application administrators, who configure, tune, and monitor application performance on a platform.
  • In all of these cases the consumer receives the use of the PaaS cloud provider’s tools and execution resources to develop, test, deploy and administer applications.
  • Usage fees are typically calculated based on the number of consumers, the kind of consumers, storage, processing, or network resources consumed by the platform, requests serviced, and the time the platform is in use.
  • These consumers see value in ready access to virtual computers, network-accessible storage, and network infrastructure components such as firewalls, and configuration services.
  • In IaaS usage fees are calculated typically per CPU hour, data gigabyte stored per hour, network bandwidth consumed, network infrastructure used per hour, and value-added services used.
  • Network infrastructure used is often measured in the number of IP addresses consumed and value-added services often include monitoring and automatic scaling capabilities.

Part 3: Economics of Cloud Computing > General Cloud Computing Risks > Video

  • Cloud computing is not a solution for all consumers of IT services, nor is it appropriate for all applications.
  • As an emerging technology, cloud computing presents a number of risks for IT hosted services.
  • Complex computing systems are prone to failure and security compromise.
  • With this in mind, it is important to understand that cloud systems, like all complex computing systems, will contain flaws, experience failures, and experience security compromises.
  • The existence of these issues does not disqualify cloud systems from performing important work, but it does mean that techniques for detecting failures, understanding their consequences, isolating their effects, and remediating them, are central to the wide-scale adoption of clouds.
  • Cloud computing has potential to foster more efficient markets through convenient leasing of computing resources.
  • In some scenarios, cloud computing offers consumers the ability to forgo capital expenses such as building internal computing centers, in exchange for variable service fees.

Part 3: Economics of Cloud Computing > Risks 2: Performance, Network Dependence, Reliability, Outages, and Safety Critical Processing > Video

  • Cloud computing incurs several performance risks that are similar to performance issues of other forms of distributed computing, and should be incorporated in the SWOT analysis.
  • Latency experienced by cloud consumers typically includes at least one Internet round-trip messaging time.
  • Access to documents stored in clouds is problematic when consumers do not have network connectivity.
  • The ability to synchronize documents and process data, while the consumer is offline and with documents stored in a cloud, is desirable, especially for SaaS clouds.
  • Accomplishing such synchronization may require version control, group collaboration, and other synchronization capabilities within a cloud.
  • Cloud users can leverage data- and task-parallelism to take advantage of additional computing capacity, as well as to better scale computationally intensive tasks.
  • When data storage is considered in the context of clouds, consumers require the ability to: provision additional storage capacity on demand, know and restrict the physical location of the stored data, verify how data was erased, have access to a documented process for securely disposing of data storage hardware, and administer access control over data.
  • Reliability refers to the probability that a system will offer failure-free service for a specified period of time within the bounds of a specified environment and presents a significant threat to cloud computing users.
  • For any cloud, reliability is broadly a function of the reliability of four individual components: the hardware and software facilities offered by providers, the provider’s personnel, connectivity to the subscribed services, and the consumer’s personnel.
  • Measuring the reliability of a specific cloud by the provider or consumer will be difficult for two main reasons.
  • A cloud may be a composition of various components, each inheriting a particular degree of reliability when it was measured as a standalone entity.
  • Reliability measurement is a function of an environment, and it may not be possible to fully understand the entire environment in which a cloud operates.
  • For clouds, and most systems of significant scale, each component has a specific reliability given a specific context, and therefore understanding the union of the contexts is complex and possibly intractable.
  • For most clouds, the Internet must be continuously available for a consumer to access services.
  • In the case of consumer-facing applications such as webmail entrusted to a cloud, this dependence is a risk whenever applications need continuous service.
  • In numerous instances, consumer-facing applications either cannot access a cloud because of coverage limitations or are vulnerable to network disruption.
  • Cloud applications should cryptographically sign requests to providers and similarly protect consumer data in transit.
  • Most substantial applications use the Internet today regardless of whether cloud computing is employed; therefore the reader should not assume that by avoiding a cloud a user automatically avoids risks associated with Internet outages.
  • Special consideration should be given before migration of safety critical systems to the cloud.
  • Because of the current lack of ability to assess the “Pedigree” of one of these systems within a cloud, employing cloud technologies as the host for this class of applications is not recommended.
  • This fact does suggest that while cloud technologies should not be used in safety-critical systems, cloud technologies can be considered in supporting roles, for example, employing a cloud to run a simulation of a safety-critical system under development.

Part 3: Economics of Cloud Computing > Risks 3: Compliance and Information Security > Video

  • Different models of cloud service delivery add or remove different levels of control from the consumer and provide different degrees of visibility.
  • The option for a consumer to request that additional monitoring mechanisms are deployed at a provider’s site is plausible and currently used in a variety of non-cloud systems.
  • Consumers may have to comply with international, Federal, or state statutes and directives that prohibit the storage of data outside certain physical boundaries or borders or that govern the disclosure of certain personal data.
  • Although technologists may have logical control over the data and employ cryptographic mechanisms to mitigate the risk of unauthorized disclosure, consumers must still comply with these statutes and regulations.
  • These needs are complicated because providers typically view the implementation and configuration of their offerings as proprietary information, and do not offer consumers visibility into such details.
  • The PaaS model appears to split responsibilities between consumers and providers.
  • Privacy addresses the confidentiality of data for specific entities, such as consumers or others whose information is processed in a system and should be viewed not only as a technical challenge but also as a legal and ethical concern.
  • Protecting privacy in any computing system is a technical challenge; in a cloud setting this challenge is complicated by the distributed nature of clouds and the possible lack of consumer awareness over where data is stored and who has or can have access.
  • Within a cloud there are stakeholders: consumers, providers, and a variety of administrators.
  • For IaaS clouds, different VMs may share hardware via a hypervisor; for PaaS, different processes may share an operating system and supporting data and networking services; for SaaS, different consumers may share the same application or database.
  • Although providers sometimes distribute client-side tools for cloud administration, browsers are also used for consumer account setup and resource administration, including the provisioning of financial information necessary to open and use an account with a provider.
  • Providers interoperate with many different consumer browsers and versions, and consumer-administered end systems and browsers may not be properly managed for security or may not be current.
  • Finally adequate protection of consumer cryptographic keys requires cooperation from cloud providers, and even with such cooperation, It is an open issue on how to use cryptography safely from inside a cloud.

Part 3: Economics of Cloud Computing > Value and Risk of Open Source Software > Video

  • Open source software is free for use, modification and redistribution provided the terms of the associated license agreement are followed.
  • Open source software is commonly used by cloud providers and provides both value and risk to the enterprise.
  • The openness and availability of open source software has created opportunities for industry and academia to easily conduct experiments and to develop deployable cloud computing technologies and systems that use open source software.
  • Use of open source software may also lead to increase interoperability and is expected to lead to various cloud computing standards.

Part 3: Economics of Cloud Computing > Cloud Computing Cost Analysis > Video

  • It includes subscription costs, integration and customization costs, user training costs, and the first year of ongoing operational costs.
  • SaaS subscription costs depend on the provider’s billing model, so we can estimate it from the number of users and the average monthly subscription fee.
  • Associated costs would include in-house development costs for customization, the costs of any related professional services such as consultants, integration costs, user training, hardware and middleware costs, and operational costs.
  • IaaS transforms hardware and infrastructure software costs to subscription fees that are based on the estimated number of server instances required, the middleware installed on them, the usage levels required by the application, and the server capacities.
  • Operational costs might include networking infrastructure costs, power costs, and the cost of floor space used by the equipment.
  • Networking costs depend on the deployment model and can include the Internet connection costs, security costs and administrator labor costs.
  • Such costs involve SaaS subscription fees, software and hardware maintenance expenses, customization costs, and professional support fees.
  • Annual software maintenance, customization, and professional support costs can be estimated either empirically from benchmark standards or as rough percentages from the initial software development cost.
  • Hardware maintenance cost for the in-house solution can be determined by using a percentage of the initial hardware expenditure Combining these costs, a manager can calculate the total cost of ownership for a period of n years by using the simplified formula for each of the three cases, the SaaS adoption, the in-house implementation and an IaaS adoption.

Part 3: Economics of Cloud Computing > Selecting an IaaS Provider > Video

  • Whether certain discounts are offered the average monthly cost for some sample of processing and storage resources The uptime offered The number of datacenters offered as a choice when deploying cloud server If the vendor has certain compliance- and security-related certifications.
  • If it is possible to scale up individual cloud server instances by adding more memory, extra CPUs or more storage space If it is possible to deploy new server instances quickly Support can be rated on some scale, such as poor, average and excellent Monitoring can be measured by a similar three-level subjective scale If the company offers APIs to interact with the servers If the provider has a “Free trial” feature that customers can use to test the service.

Part 3: Economics of Cloud Computing > Cloud Standards and Intercloud Interoperability > Video

  • One of the many challenges to cloud adoption and cost effective utilization is the absence of international standards.
  • One such standard is IEEE P2301, the IEEE Guide for Cloud Portability and Interoperability Profiles.
  • Cloud personalities are certain cloud configurations that are stereotypical and repeatable, say, for an application domain, user community, or industry.
  • Cloud interoperability requires protocols, directory service, namespace authority, trust authority, and governance coordination, and P2302 seeks to promote these qualities.
  • The P2302 standard creates an economy among cloud providers that is transparent to users and applications.
  • The Intercloud Root and Intercloud Exchanges would facilitate and mediate the initial Intercloud negotiating process among Clouds.
  • Once the initial negotiating process is completed, each of these Cloud instances would collaborate directly with each other via a protocol and transport appropriate for the interoperability action at hand; for example, a reliable protocol might be needed for transaction integrity, or a high speed streaming protocol might be needed for optimized data movement over a particular link.

Part 3: Economics of Cloud Computing > Recommendations for Successful Cloud Migration > Video

  • Plan for an eventual termination of a provider’s service during the procurement phase of the contract, and clarify how assets are to be returned.
  • Review the provider’s business continuity plan and redundancy architecture to understand if their stated availability goals are supported.
  • Request assurances that a provider employs established internal operating procedures and service management techniques for reliable system updates, data transfers, and other site modifications Determine whether the capabilities for defining the necessary controls exist within a particular provider, whether those controls are being implemented properly, and ensure that the controls are documented.
  • Traditional forms of direct assessment may not be feasible and may require working with the cloud provider to gain needed information and system access, or to allow third-party audits to establish a sufficient level of assurance.
  • The insider security threat is a well-known issue for most organizations and extends as well to the cloud provider’s staff.
  • Investigate whether a provider can support ad hoc legal requests for discovery and preservation of data.
  • Ascertain the operating policies of providers for their: willingness to be subjected to external audits and security certifications.
  • Finally determine providers’policies for the vetting of privileged uses such as the provider’s system and network administrators.
  • Ensure that all personnel read and understand the provider’s acceptable use policy, and negotiate an agreement for resolution of specific classes of policy violations in advance with the provider.
  • Finally, consumers and providers should agree on a set of procedures a consumer needs to perform to take an application offline, the testing that must be performed to ensure the application continues to perform as intended, and the procedures needed to bring the application back online.
  • Before a decision is made to migrate to a cloud, ensure that the application infrastructure interfaces provided in that cloud are generic or at least that data adaptors could be developed so that portability and interoperability of the application is not significantly impacted.
  • When data of differing levels of sensitivity are to be processed in a cloud, multiple distinct clouds can be used concurrently to provide different levels of protection to sensitive and non- sensitive data.
  • Finally, you should be able to examine the capabilities of providers with respect to: data backup, archiving, and recovery.
  • Physical plant security practices and plans at provider sites as part of the overall risk considerations when selecting a provider.
  • Use authentication tokens or other appropriate forms of advanced authentication, which some providers offer, to mitigate the risk of account hijacking and other types of exploits.
  • Consumers should have visibility into the following capabilities of a provider: including the authentication and access control mechanisms that the provider infrastructure supports, the tools that are available for consumers to provision authentication information, and the tools to input and maintain authorizations for consumer users and applications without the intervention of the provider.
  • Benchmark current performance scores for an application, and then establish key performance score requirements before deploying that application to a provider’s site.
  • When providers offer computing resources in the form of VMs, ensure that the provider has mechanisms to protect VMs from attacks by: other VMs on the same physical host, the physical host itself, and the network.
  • In all cases, formulate a strategy for migration of Virtual Machines and their associated storage among alternative cloud providers.
  • When available, choose clouds that provide application development frameworks that include an architecture and tools for mitigating security vulnerabilities.
  • Tools that support the intuitive authoring and maintenance of security policies, and provide an integrated application development environment covering the full system lifecycle, with an orientation towards facilitating security accreditation, are preferable.
  • Before a decision is made to deploy a new application in a cloud, or compose an application from the building blocks offered by a provider, a consumer should ensure that the libraries – included in the compilation phase or called during the execution phase – behave as intended, both in terms of functionality and performance.

Part 3: Economics of Cloud Computing > Summary of Part 3 > Video

  • Cloud-vendor relationships characterized by trust are critical for cloud deployment and the promise of gaining advantage in a competitive market.
  • Organizations achieve greater IT economies of scale with cloud computing when investing first in relational, technical, and managerial capabilities.
  • Cloud based computing systems are complex and share many of the same challenges as a conventional distributed computing model, as well as offering their own unique challenges.
  • The decision to migrate one or more applications, services, or an entire enterprise to a cloud computing model is a critical one that involves substantial risk and reward.

Return to Summaries

(image source)

 

Leave a Reply

Your email address will not be published. Required fields are marked *