Last night I got to attend cloud camp, which is an “unevent” that
people can attend to meet up with people who are looking into a
particular technology for business. Cloud Camp Seattle was held at the
Grand Hyatt Seattle, which provided an awesome environment to discuss
cloud computing with 200 of like-minded people. For a unevent it was
very well done and here are my major take ways from Cloud Camp Seattle.
Amazon and Azure have designed their systems with a different philosophy.
Amazon when I got to talk to their security evangelist and outreach
person sees cloud computing as something transitory. You only really
use it when you need to spin up servers and services to scale then tear
down once the larger scale is not needed. “If you are running your
entire cloud set 24X7 you are doing it wrong” was the pull away.
Unfortunately, how people are using cloud computing is that they are
leaving systems on 24X7; they are seeing it as a direct replacement for
systems in their data centers. Economies of scale are important, but
people are going to leave systems on all the time even if they do not
need an economy of scale today.
Azure came from a different perspective of always on systems where
the Operating System (OS) is no longer the issue. Microsoft patches and
takes care of everything from the OS on down while the customer takes
care of everything above the OS. This is more of the “Platform as a
Service” viewpoint and is very different from Amazon’s viewpoint. What
is interesting to note is that when a customer no longer owns the
operating system they cannot load in software that requires any kind of
registry changes. The phrase used by the Azure spokes person was
“anything you can Xcopy over will run on Azure”. If the software you
are writing requires registry changes then you need to rewrite your
software to work without that. This has deep implications for people
who store crypto keys in the registry of a windows computer.
Both Azure and Amazon require a different viewpoint on writing
software. We do not write software today to manage systems when the
power goes out or the drive dumps. Rather we work from backups and
other processes to recover data from a system that crashes. While
Microsoft keeps multiple copies (on a “tell me 3 times” process,
keeping three caches and if one disappears they rebuilt it from another
concurrent copy of the data) Amazon comes at it from “it’s your data,
you keep copies of it”.
If you are designing software for the cloud, that software has to
have a built in fault tolerance for drop outs, reboots, drive failures,
black outs, and other technology issues that we do not program around
right now. Programmers are also going to have to learn to work with
multiple dispersed copies of the data in ways that they do not have to
do now either. While we can cluster computer systems now in our own
data centers, there is enough difference in cloud computing that
programmers will have to pick up some new tricks to design fault
tolerant software in ways that they do not do now.
This one was the more interesting part of the show, and I spent
over an hour with the security person from Amazon listening and
discussing how security can be managed in the cloud computing
environment. Which brings us to this picture.
We are all comfortable with the current security model that we use
and the above graphic is simplistic overall, but when you think about
the cloud, you have to break the traditional security model down. There
is no more location for the services, they can be anywhere in the
world. There is no more ownership over the OS, the Hardware, the
network, there is only ownership of data and the software to access
that data (for both Amazon and Azure). The controls that a company uses
are only as good as their policies. This is the distributed computing
model on steroids, the only real things that a company can do is
enforce policy on objects (data, data sets, pictures, documents,
whatever) through an intermediary process such as software based
enforcement of controls. There is a lot of software that does this now,
but much of it is not Cloud Computing friendly. This will have a major
influence on companies that have poor controls, no controls, or poor
enforcement of controls. This is the next major audit field, and as I discussed earlier, our auditors might not be up to the task.
This is one of the largest issues that companies need to work
through, how to develop an architecture that works with Cloud
Computing. Think of Cloud Computing as raw horsepower like the engine
in a car. The engine is a great thing but on its own does not do much.
It is the objects that are around that car that make the car what it
is. The analogy works with cloud computing because you have things that
work inherently well within the framework of the cloud. Data entry via
Web Forms, customer management, and other processes immediately come to
mind. But Cloud Computing would also work brilliantly as a portable
render farm, or even a distributed scientific project. Cloud Computing
Architects need to understand the atomic level of the operations that
are being done, what work can be and should be performed in the cloud
are work units that can take advantage of the way that cloud computing
functions. Throughout Cloud Camp last night this type of Architecture
was stressed by everyone present, Amazon, Microsoft, Rack space and
others that were selling or demoing product. The best way to start with
the cloud is to understand how the work flows through the system from
data entry to eventual use. This is going to put a lot of stress on
architects that do not understand how to manage a workflow and think in
terms of Layers 1 through 4 without evaluating the entire stack.
Cloud computing is relatively new, and good products that will help
you manage your cloud environment are few and far between. If you are
looking at purchasing product, ensure that your company buys a product
that will work for you. While this is good advice at any time, from
what I saw last night, many inferior or substandard products out there
that claim to do a lot, but actually do little. It was disappointing to
see the sorry state of products around cloud computing, security, and
management. This is also a huge business opportunity, if a company is
making software, this is going to be a great market if that company can
write software that solves many of the problems we are going to see
with management, audit, failover, disaster recovery, controls and
In all it was an informative “camp” to go to last night and if
there is one locally to you it is well worth going to and hear what
others are saying about the products and services that are available.
While I agree with the audience, it would have been more interesting to
hear real tales of how people are implementing, managing and using the
Cloud, overall this was an awesome experience.
(Cross-posted @ IT Toolbox)