ppt - uw staff web server
TRANSCRIPT
Cloud Computing 101Cloud Computing 101
Terry Gray, PhDAssociate Vice President,
University Technology Strategy&
Chief Technology Architect
University of WashingtonFebruary 2009
• Hot or Not?
• Background
• Tradeoffs
• Needs/Expectations
• Role of Central IT
• Institutional Strategy
• Market Transformation
• Case Studies
• Summary
CC Quote #1
“It's stupidity. It's worse than stupidity: it's a marketing hype campaign.”
“Somebody is saying this is inevitable – and whenever you hear somebody saying that, it's very likely to be a set of businesses campaigning to make it true."
Richard Stallman 29 Sep 08 UK Guardian
CC Quote #2
“The interesting thing about cloud computing is that we’ve redefined cloud computing to include everything that we already do.”
Larry Ellison 25 Sep 08 Wall Street Journal
CC Quote #3
"When people talk about cloud computing, they're talking just about taking some stuff, putting it outside the firewall, and perhaps putting it on servers that are also shared or storage systems."
Steve Ballmer 25 Sep 08 @ Churchill Club (InternetNews)
Microsoft Cloud Vision“Software and Services”
"We're taking everything we do at the server level and saying we will have a service that mirrors that exactly. It's getting us to think about data centers at a scale that we haven't thought of before... [to create] a mega-data center that Microsoft and only a few others will have."
-Bill Gates @WWDC, quoted in NY Times 3 June 2008
"We believe that by 2010, at least 25 percent of our Office users will be using some kind of [online] service provided by Microsoft"
-Eron Kelly, Director of Product Management, 2008
The rise of utility computing
So... Cloud Computing:
Hot or Not?Hot or Not?
Nick Carr
Richard Stallman
Larry Ellison
Bill Gates
Background
• Usually web-based apps running “elsewhere”• Early examples: Hotmail (1994) Salesforce (1999)• Also “platform services” -renting computing/disk
• Not traditional "outsourcing the IT dept"• But it impacts current dept'l & central IT svcs
• Both consumer and enterprise services• Many vertical apps, e.g. PCI, CRM
• Think timesharing service bureaus, but with new technology and new business models:
• Low cost via high-scale, uniform tech & contracts• Hybrid “free & fee”; low-touch DIY support
What is Cloud Computing?aka “utility computing”, “SaaS”
Full circle: Mainframe → Mini → PC → "Cloudframe"
Motivation
• Individual– Effectiveness: convenience, flexibility, resilience– e.g. cross-org collaboration; episodic calculations
• Institutional– Efficiency: reduce IT costs; raise PI effectiveness– e.g. reducing datacenter & support costs
→ This is where our students/fac/staff will be!
→ Many of them seek a more “integrated life”
Cloud Dependenciesthe essential ecosystem
• To be effective:• Advanced web browsers
• Fast & dependable networks
• To be efficient:• Multiple, massive datacenters
• Low-touch support paradigm
IT Evolutionfrom artifacts to abstractions
• Build e.g. Pine
• Buy (a right to use) e.g. Exchange
• Borrow (open source) e.g. Thunderbird
• Barter*/Rent (cloud svcs) e.g. Gmail
The last two are transformational, especially in bad times
* eyeballs for ads
IT EvolutionWho ya gonna call (for commodity IT)?
Individual
Departmental
Central
Cloud
Goodbye “IT priesthood”... Hello “Consumer Computing”
In the beginning...
IT Evolutioncloud applicability will grow over time
ExtremeComputing
MundaneComputing
Cloud
Dedicated
MundaneComputing
Cloud
Dedicated
2008
ExtremeComputing
MundaneComputing
Cloud
Dedicated
MundaneComputing
Cloud
Dedicated2012
History
1949: ADP founded (Cloud's spiritual ancestor?)
1994: Hotmail
1999: Salesforce.com
2003: MySpace; Nick Carr's “Does IT Matter?”
2004: Gmail, Facebook
2005: YouTube
2006: Amazon S3/EC2, Google Apps
2007: MS announces ExchangeLabs
2008: Zoho selected by GE (400,000 seats)
A Tale of Two Cloudsor maybe twenty...
Application Services (SaaS)e.g. Gmail
Platform Services (PaaS)e.g. Amazon EC2, S3
- Saas vs. PaaS - Microsoft vs. Google vs. ... - Consumer vs. Business - Free vs. Fee - Internal vs. External - etc...
A Tale of Many Clouds“The Cloud Multiverse”
All of these co-exist, along with hybrids, e.g. local + cloud
Cloud Business Models
• Fee for service / subscription (advantage MS)
• Free / Ad-based (advantage Google)– Our eyeballs = their inventory– Advertisers = their customers
• Most vendors use both models
• High-scale efficiency & self-support is crucial
• Initially: focus on individual consumerNow: add enterprise deals w/premium svcs
Sweet Spot?
• Accepted wisdom: Small – Medium BusinessPaaS especially attractive for Start-Ups
• BUT: large research universities can be thought of as federations of hundreds of independent businesses... YET: Higher-Ed is still split over CC use
• Datacenter issues will drive eScience choices
• Large businesses are just starting to embrace e.g. GE's 400,000 seat Zoho deal
Some Cloud Computing Vendors(at different service layers)
Application Service(SaaS)
Application Platform
Server Platform
Storage Platform Amazon S3, Dell, Apple, ...
3Tera, EC2, SliceHost, GoGrid, RightScale, Linode
Google App Engine, Mosso,Force.com, Engine Yard,Facebook, Heroku, AWS
MS Live/ExchangeLabs, IBM, Google Apps; Salesforce.comQuicken Online, Zoho, Cisco
Tradeoffs
Traditional Out-tasking
Tradeoffs
Advantages Allows enterprise to
focus on strategic core competencies
Easier to re-allocate resources & staff
Can leverage financial structure
Disadvantages Loss of control,
agility, flexibility High contract
management overhead
Quality control can be hard
TCO ???, Security ???, Liability ???
Cloud-SourcingSummary of Tradeoffs
Why it's becoming a Big Deal Use high-scale/low-cost providers; geo-diversity Any time/place access to docs via web browser Rapid scalability; incremental cost; load sharing Share of mind: no need to focus on commodity IT
Concerns Performance, reliability Control of data, service parameters Integration among tech silos Application features, choices Privacy, security, compliance, etc
CC Attractionsin more detail
Cost Flexibility; rapid scalability and de-scalability Data replication; geo-diversity Easier cross-institution collaboration Any {time, place, device} access via web browser Alternative if dept'l or central IT non-responsive This is where our students/fac/staff will be! Priorities: no need to focus on commodity IT Future of computing, esp. eScience
Cloud Concerns
Control vs. Locality– Central vs. decentral redux– Vendor surprises (e.g. feature changes)– CC does not lend itself to bureacratic control
Technical limitations – Accessibility and UI limitations of web apps– Reliability, performance, security; offline use– Lack of IAM integration (e.g. groups; logins)– Lack of interoperability (e.g. cal, groups, dir)
Institutional risks...
Institutional Concerns
• CISO– Security– Ability to do forensics after a compromise– Liability transfer
• Attorney General, Risk Management– Compliance, especially eDiscovery– Also ITAR, HIPAA, FERPA, etc– Indemnification
Why use cloud-computing?
Scalability: Handling load peaks (EC2 instances for a new facebook app)
Why not use cloud-
computing?
Ooops...
“74% ... prefer SaaS”
Why some enterprises are not interested in SaaS
Forrester Research study:
66% Integration issues61% Total cost of ownership concerns55% Lack of customization50% Security concerns42% "We can't find the specific app. we need"39% Complicated pricing models39% Application performance34% "We're locked in with our current vendor"
Challenging Assumptions
SaaS/Cloud Apps enable virtual desktops and platform flexibility
Needs & Expectations
Things We Need from the Cloud
• All the usual (e.g. reliability, perf, security, cost)
• Serious business partners (e.g. security, SLAs)
• Flexibility, choice
• Interoperability
• Interoperability
• Interoperability
Typical Vendor Preferences
• Desktop– Microsoft– Apple– Linux
• Mobile– Blackberry– Iphone– Android– Pre...
• Backroom– Microsoft– Linux & Unix– Apple
• Cloud– Google– Microsoft– Amazon– etc...
Claim: Homogeneity is not an option at any real research university
Key: Interoperability
• Across cloud silos
• Across desk/mobile platforms
• Across institutions
• With enterprise IAM
• With stds-based thick clients
• Poster-child: Calendaring
• Beware vendor myopia...
• The cloud is different
Interoperability Model
Cloud Provider B (e.g. Google)
Cloud Provider A (Microsoft)
MicrosoftThickClient
Non-MSThickClient
Generic Web (thin) Client
OpenProtocols
HTTP
ProprietaryProtocols
EnterpriseIAM Server
Role of Central IT
The Elephant in the Room
What is the future of Central IT?
Seattle Times April 1971 Hwy 99
We're Not Dead Yet!
“The IT department is far from dead yet - and will play the central role in managing the shift to the utility model and the coordination between Web-based services and those supplied locally.”
-Nick Carr
Also: "The End of Corporate Computing"
Which is good...
Institutional Value-Add
• Many cloud services originally targeted individuals, not institutions
• e.g. Windows Live, Google Team Edition• Contract is between vendor and end-user
• Institutional involvement brings:• Better risk management (e.g. Dept'l oversight)• Better compliance options (e.g. eDiscovery)• Group management for provisioning, billing• Branding opportunities
• Some services need to be kept internal• Key issue: locality vs. control & responsiveness
Role of Central ITa question of degree
• Support institutional compliance goals• Assist with policy and guideline definition• Partner selection; relationship & svc management
• Improve the user experience• Foster interoperability across vendors• Integrate with campus apps & IAM services• User support??? (Not necessarily)
Policy Development
• Data protection guidelines– Local – External – Mobile
• Appropriate cloud use guidelines
– There are things that should not be in the cloud!
Institutional Strategy
Strategic Choicesgiven that cloud use is already widespread
• What are the institutional goals for cloud use?– How do partner contracts affect institutional risk?– What about other external and mobile data?– What is the target adoption rate? How soon?
• What is role of central IT? – How much central app and IAM integration?– How much centrally-provided user support?
• Cloud computing is transforming IT
• Cloud usage is growing & unstoppable
• Institutional risks are greater if we do nothing
• Central role: enable, increase compliance, usability
Key questions:
Strategic Assumptions
How much central integration & support?Lead, follow, or get out of the way?
Institutional Goalsfor any central cloud computing role
• Compliance (e.g. eDiscovery, FERPA)
• Cost savings / avoidance (e.g. datacenter)
• Individual effectiveness ...
– IAM integration (e.g. group mgt)
– Application integration (e.g. calendar, Catalyst)
– Cross-vendor interoperability
Increase:
Institutional Risks
• Operational (service or business failures)• Individuals have biggest stake here for now
• Financial (surprise support or integration costs)• High-touch support model could kill future savings
• Compliance (failure → liability cost)• Primarily unauthorized disclosure of sens. Info• Limited forensics ability → notification cost• Ability to respond to legal requests for data
NB: 1) these kinds of business risks are uninsured 2) departments assume $$ liability for failure to comply w/UW policies 3) external/mobile data risks are not limited to cloud computing
Risk Mitigationcompared with status-quo
Contract terms added
Data security guidelines to define appropriate cloud use
Partner contracts provide for “admin” accounts
Inability to comply with FERPA
Disclosure of confidential data
Inability to respond to eDiscovery request
Example Policy Choices
• Appropriate use? (e.g. HIPAA, GLB, classified?)
• Partners: who and how many?
• Service eligibility: who and for how long?
• Premium services: how to fund/bill?
• Name spaces: common or free-for-all?
• Password policy: Same, different, don't care?
• User support tools: integrated or separate?
• Departmental or UW branding & administration?
Recommendationsfor central IT role to add value, reduce risk
• Lead & Follow • Encourage cloud use; Partner w/MS, Google, Amazon• Provide expertise & coordination; Assist policy efforts
• “Get out of the way”• Facilitate master contracts meeting UW & dept needs• Enable, don't mandate; soft-launch
• Moderate Integration (IAM and application)
• Balance usability/compliance goals w/TCO • Avoid both too little/too much; slippery slopes
• Minimum User Support• Manage central “Admin” accounts• Embrace low-touch DIY support paradigm
Is There Consensus?
• Cloud use should be encouraged, consistent with compliance obligations
• Institutional risk is reduced by executing partner contracts and incenting their use
• Institutions should leverage the cloud's low-cost user support model as much as possible
Market Transformation
Response: MS Live & BPOS
Microsoft's Challenge
• Software-and-Service theme: – Innovator's Dilemma: new cannibalizes old– How to preserve cash cow while embracing cloud?– Natural focus on traditional base
• Will focus on base undermine larger opportunity?
• We in central IT empathize with this challenge!!
• Key to broader success: interoperability standards
Case Studies
Case Study: DreamHost
23 May 08: Tom says...
“we are taking some steps to stop providing email. It’s just not something people are looking for from us, and it’s something the big free email providers like Yahoo, Microsoft, and Google can do better.”
Case Study: DreamHost
Noteworthy rebuttal :)
27 May 08: Tancred Says...
“This is totally rubbish. I have been with dreamhost for at least 5 years. I host with you for one reason. SSH + pine.”
Case Study: Bechtel 2000: Mandate to cut IT costs by 25% Used Six-Sigma process to focus on inefficiencies Internal report cards; compare w/ other companies Achieved 30% improvement Data Center consolidation: >30 → 12 → 3 Networking: Use the Internet; become an ISP Now: embracing web-based cloud computing,
becoming client agnostic; virtual desktops; becoming more “university like” re net security and desktop management.
MS shop, but looking at Google Apps, etc
Case Study: UW
Widespread Use @ UWwithout any central involvement
• 50% of students forward their UW email to cloud
• Popular cloud apps:• Facebook: 64K UW users; now big in classes• Google Gmail, Docs, Calendar• Windows Live (esp. Messenger)• Doodle (meeting scheduler)• Blackboard online used by Foster & UWB
• Platform services• Amazon EC2/S3• Slicehost
UW Faculty Quotes
• I have been subscribing to FilesAnywhere as a file storage/versioning system for my (distributed) research group for about 5 years.• I have used WebEx audio/web conferencing and NetMeeting for several software demos and collaborative work sessions.• Last year I used AOL IM Chat as a virtual meeting space for one session of a class of 20 students that would otherwise have been cancelled due to ice/snow. I thought was a good experience, and several students commented positively on it in their evaluations.• Various UW committees that I'm part of have used Google docs to share files and write together.• I've used AOL IM for online office hours and seedwiki for students to share information about the books they were using for course research.• Blogspot.com - students required to start, maintain and post to their own blogs (in lieu of a Moodle discussion forum)• Adobe ConnectPro and GoTo Meeting for synchronous presentation/discussion.• Skype for one-to-one office hours with DL students• Voicethread (one of the coolest tools I've seen in awhile) for asynchronous video chat/discussion.• One faculty used Office Live Workspaces last year in a class, he also is working on a new certificate that we are starting in Second Life.• Our entire distance Master's program is delivered using Adobe Connect (which is a cloud service that is hosted on campus, but the same idea). All of those classes also use Windows Messenger for chat.• A huge percentage of other classes use Facebook, Google Apps, BootCamp, WordPress etc. Basically name one and you'll find some class using it.• I use Facebook in my courses as well as PBWiki.• In the past, I used Live Office Workspace.• I use GoToMeeting and Webex for some outside presentations as well as Adobe services.• Our corner of the Dean's Office uses Google Calendar, and we're exploring switching the whole office over to it.
Summary
Terry's Top Ten CC Questions
1. What is it?
2. Isn't this just grid computing?
3. Isn't this just like the old time-sharing service bureaus?
4. Is this just about "Google Apps"?
5. Is anyone at our institution really using these services yet?
6. There has been a lot of talk about the privacy, security, and compliance (e.g. eDiscovery) risks associated with services such as Google "Apps for Edu" offering. What's the scoop?
7. Doesn't a contract with Google, MS, Amazon, etc, create unnecessary risk?
8. Aren't there things we should not use cloud services for?
9. Isn't it true that no large corporations are using these services due to security and compliance concerns?
10. If we ignore this problem, won't it just go away?
Recap
• Cloud computing is transforming IT• Already widely used by UW individuals• Emerging as integral to research & teaching
• Key concern: institutional risk management• Policies needed for all cases: local/external/mobile• Risk of status quo >> risk of partnership
• Key questions re central role (compliance, usability)
• How much central integration & support?• Lead, follow, or get out of the way?
Central IT Recommendations
• Lead & Follow • Encourage cloud use; Partner w/MS, Google, Amazon• Provide expertise & coordination; Assist policy efforts
• “Get out of the way”• Facilitate master contracts meeting UW & dept needs• Enable, don't mandate; soft-launch
• Moderate Integration (IAM and application)
• Balance usability/compliance goals w/TCO • Avoid both too little/too much; slippery slopes
• Minimum User Support• Manage central “Admin” accounts• Embrace low-touch DIY support paradigm
Discussion Topics
How committed are vendors to interoperability? Web-based ads vs. thick clients Goal of broad contracts w/cloud providers Does a contract increase or decrease risk? Consequences of no institutional contract? Geographic issues: PRA/FOIA, Patriot Act, etc Health care opportunity; HIPAA Policy/guidelines for using cloud services...
Relationship to data security standards?
Discussion
UW: meeting the cloud head-on