Posts Tagged ‘Cloud’
Developers are in a unique position to educate and to capitalize on cloud opportunities. Unlike learning new programming techniques or Frameworks, cloud learning moves beyond development. There are infrastructure aspects to consider as well as potential organizational process and policy changes. However, developers know the application and cloud administration is a much lower bar, than, for example network administration. If you’re looking for a strategy to follow to cloud enlightenment; you’re reading the right article.
Give the Cloud a Whirl
When it comes to the cloud, don’t wait for the storm to hit you, but rather educate yourself; there is no substitute for experimentation and hands-on experience. Start by separating reality from marketing. Almost every cloud vendor offers a free trial. For example: Microsoft Azure offers a free trial. If you are truly new to cloud development; imagine borrowing a company server for 3 months; only there is no setup time. Just turn in on and away you go.
Given that experimentation time is limited; go for breadth rather than depth. Get a taste of everything. What most developers find is; after some initial orientation and learning the experience becomes what they already know. For example: Azure has an ASP.NET based hosting model called Web Roles. After configuring and learning Web Role instrumentation, the development experience is ASP.NET. Learning Azure Web Roles amounts to learning some new administration and configuration skills; coupled with a handful of new classes. The rest of what you need to know is nothing new if you’ve done ASP.NET!
Developer must keep their time constrained. Struggling for hours with something new is often not worth the effort. One should question wide adoption of something that will be difficult to work with. Cloud offerings are typically not niche or differentiating skills like, for example, SQL Server tuning.
Whatever cloud option a developer starts with; understand the authentication options. Intranet developers typically take authentication for granted. ASP.NET makes authentication look easy. Consider all the moving parts involved in making authentication automatic and secure. Understanding authentication is especially important if parts of an application will live within the organization’s datacenter and within the cloud provider.
Finally, look for the right opportunities to apply these new skills.
Navigating the Fog
Most developers are adept at picking when to jump on new technology and when to pull back. Unlike adopting, for example, a new Web Services approach; adopting a cloud option entails learning a little more administration. The cloud can give a developer total control, but the cost is learning a bit more administration.
Developers may find themselves in new territory here. Typically a “hardware person” selects a machine and a “network person” selects and configures a firewall. Cloud portals make network and server configuration easier, but the portal doesn’t eliminate the configuration role. The public cloud handles the hardware; but the developer must choose, for example, how many; CPUs, servers, and load balancers will be needed. This lowers the administration bar, but also might place the burden on the developer.
The cloud will not be the right option for every project. Give the cloud a fair chance. Decision makers may have two reactions to cloud; outright rejection or wild-eyed embrace. Neither reaction is healthy. There is middle-ground. Don’t let unrealistic expectations set by marketing brochures guide the first project. A developer’s experiences described earlier in the article will be helpful here. Set the bar low. Make the first experience a good experience.
Supplementing with the Cloud
One potential approach is to supplement with the cloud. Let the cloud handle some part of the application. For example: requirements may dictate a web page to handle user registration. Registrations often have deadlines and, given human nature, people often procrastinate. Registration traffic is likely to spike the week or a few days before the deadline. Rather than purchasing servers to accommodate the spike; leaving usage idle for most of the year, do registration in the cloud. Dial up more servers the week before registrations are due and dial the server could back down the week after registrations are due.
Aside from technical change; cloud adoption may require organizational change.
Clouds Don’t Work in a Vacuum
I would bet good money that most developers reading this article have no idea which ports in their organization are closed to incoming TCP/IP connections. However knowing who to ask is far more important than what is known. In some sense every organization is its own private cloud. Networking professionals have been connecting things together longer than developers. Internet performance is considerably different than Intranet performance. Cultivate relationships with whoever operates your Firewall.
Passing through a Firewall is overhead. Your organization’s infrastructure may not be cloud ready. Though if your network people banter about DMZs; chances are your organization’s infrastructure is probably cloud ready. As stated earlier authentication is important to cover; forcing users to authenticate multiple times within an application is intolerable to most users.
Budgeting for servers may be different than budgeting for compute cycles. There may be concern over whether compute cycles will amount to more than purchasing a server or two. There is no shortcut here. Just like any other budgeting a developer must do the math. Again, this may be new territory for developers. Typically developers aren’t asked how much storage an application requires. Typically the storage cost is spread throughout the projects an organization conducts. Budgeting difficulties may be a good reason not to do a project. The upside is; after doing the math a developer will likely find that costs are far below buying the hardware.
The cloud gives a developer control over all components from administration to assemblies. Added control comes with a price. A developer must venture into some new territory. This article provided a path to follow.
What is your opinion on cloud opportunities? Is it worth to give a trial? What is your personal experience in adopting a cloud option? Maybe you have some thoughts to share!
It seems most companies understand opportunities that cloud computing solutions and services open up for them, especially for SMBs. So now the question sounds like: how to choose a good provider and the right one for your company and to what extend cloud computing services should be used. The complexities are numerous – issues such as security management, attack response and recovery, system availability and performance, the vendor’s financial stability and its ability to comply with the law, all need to be considered. There may be a number of advice and tips formulated with this regards (some are taken from CIO article):
1) Choose trusted providers. Today it exists a number of cloud tech companies to choose from and new ones go live each month. Despite this for cloud services it’s better to stick with trusted and solid companies. To name a few: Microsoft, Google, Intuit, Dropbox, Apple, Amazon, Salesforce. These are companies with deep pockets and dealing with security, and your data is an important part of their business.
2) Distribute between free and paid accounts. For storing financial or alike information paid accounts are preferable. For less critical data and applications free accounts of big trusted cloud service providers may work well. For instance, Google can afford to offer decent free accounts because their business is well-established and their free services just act as bait aimed at attracting new users and then gently pushing them towards paid services and premium accounts.
3) Select the right apps and data for the public cloud. Some businesses, mainly start-up companies, begin using the public cloud for all applications, including mission-critical apps and their data. However, public clouds are neither for every organization nor for every application: what can be subject to the default security provided by most cloud service providers are websites, application development, testing, online product catalogs and product documentation.
4) Evaluate and add security if it makes sense. CSPs can provide significantly different levels of public cloud security. The ISO/IEC 27000 series of standards provides guidelines for evaluating this. If necessary security measures that are used in an organization’s internal private cloud may need to be extended to their public cloud instances, and some cloud products like CloudSpan allow doing this.
5) Get use of the third-party auditing services. When comes to security compliance, organizations need not simply take the CSP’s word for it. Third-party auditing services can be used to audit and then compare to the promised ones.
6) Add authentication layers. Most CSPs provide good authentication services for public cloud instances. Some products like Halo NetSec can help add an additional layer of authentication. Before doing this you need to weigh the benefits of better public cloud security against the costs of increased network latency, possible performance degradation and additional points of failure.
7) Weigh additional security effect on integration. Adding on top of default security by CSP may affect overall application performance and identity and access management. It’s especially important to consider if you work with mission-critical application that need to integrate with other business applications.
8) Make security guarantees from SLA clear for yourself. Public cloud security guarantees with CSPs should be clearly stipulated as service level agreements in the contract, so make sure that transparent monitoring and reporting functions are available to you as a customer as well as security processes, procedures and practices are transparent and verifiable so that you may rely on this information.
9) Streamline logging and monitoring. Comparing one CSP’s logging and monitoring practices with another before you sign a SLA may reveal subtle differences in the security that’s provided so it’s another key to ensuring public cloud security.
10) Add encryption. You may want to employ your own encryption instead of or in addition to the ones provided by the CSP. A number of installable products or SaaS vendors can do this type of encryption on the fly. (VPN-enabled cloud instances fall under this category of augmented public cloud security.) When this happens, only the customer and the third party know the key; the CSP does not.
11) Spread outages risk with multiple even redundant CSPs. Despite cloud provisioning tools these days come already integrated with leading CSPs, it’s possible to spin up additional instances of servers with multiple CSPs automatically on demand: they are turned on if average CPU utilization reaches a certain threshold and turned off once utilization drops. Also when spinning up additional instances, it may make sense to use different CSPs in a round-robin fashion.
Thus, as you may see, experience of using cloud services may be adjusted and improved through following some advice. What’s crucial is finding a balance between cloud security and performance. Naturally there’s always a tradeoff when adding layers of security may be at the expense of application running slower and potentially adding points of failure. Figuring out the right balance between security and performance, though being difficult, is a must-have to run a strong business today.
Helen Boyarchuk – Business Development Manager (LI page)
Helen.Boyarchuk@altabel.com | Skype ID: helen_boyarchuk
Altabel Group – Professional Software Development