Maybe there are still people reluctant to see the Cloud as a key technology in the IT field that will shape how services are developed and delivered, instead of only the ‘last fashionable buzzword’. But just taking a look at what is happening in the Platform as a Service world should change their minds. Several companies, from small start-ups to big players are struggling to create new and attractive systems where service providers can install and run their software without the worries of configuring and managing the middleware stacks they require.

Read the rest of this entry »

After some internal discussion regarding the difference and the REAL differences between a public and a private Cloud, some of us claimed that they are different entities worth analyzing in a separate manner.  Take security concerns for instance and how they are different in a private corporate and a public setting.

Giving another step forward, Amazon announced this week a new service, the Virtual Private Cloud. In other words a private cloud beyond the corporate limits. RESERVOIR identified this need a year ago. Amazon lets its user create a logically separated set of Elastic Compute Cloud (EC2) instances and a secure VPN connection to their own networks. This service requires three elements only: a VPC instance, an IPSec VPN gateway, and a block of IP addresses provided by the customer ranging from /28 addresses to /18 addresses, and the addresses can be divided up into subnets to further partition traffic.

However, not all Amazon Web Services capabilities are supported in Amazon VPC yet , support for Amazon EC2 security groups, DevPay AMIs, and Internet-facing IP addresses is still missing.

Finally, let’s talk about prices. VPC pricing is $0.05 hourly for VPN access, plus a cost for data transfer ranging from $0.10/GB to $0.17/GB. Charges for other Amazon Web Services, including Amazon EC2, are billed separately at Amazon’s standard rates.

 A “recent” survey by Evans Data revealed cloud computing use patterns among around about 400 developers in awide variety of roles and organizations.

The study shows better acceptance in the Asia-Pacific region where up to 11%  percent of developers use cloud services. North America and Europe, the Middle East, and Africa were following Asian Clouds.

Evans data conclude that economic motivations, combined with ease-of-use and the benefits of dynamically provisioning infrastructure, are driving the Cloud uptake. They also claim that the change to a Cloud paradigm will be stepped, moving small unstrategic modules to the Cloud to check its validity and lear the required lessons before a massive movement to the Cloud can be made.

Some applications started to gain advantage of the Cloud: data intensive and number cruntching applications. Accenture’s CEO claimed that: “Very large data sets and number crunching in the cloud are like peanut butter and jelly [or] a match made in heaven”. Two years ago, most users were startups and small businesses. However, today more of its customers are coming from the enterprise sector, which indicates a shift in the enterprise mindset and a change in the applications that may be moved to the cloud (”cloudified”).

Yet another recent issue of the MIT technology review focused on Cloud technologies and why they may succeed there where so many others failed since the seventies. Virtualization, scaling, already existent real offer, seamless access to apps and data, reduced investment for startups, and boosting app development have been claimed as key elements for its potential success.

This same issue highlights one of our running projects, RESERVOIR,  as one of the 5 most relevant open source projects and research consortiums.

As an outcome of our previous post on Cloud security, we received some very interesting critique providing further insight on Cloud security. The received comments harshly dub our assertions as naive and untrue. We love to receive any kind of respectful and polite critique, even when it may contain opinions opposed to ours. This blog was created for that purpose: discussing and sharing views and ideas.

Since this blog is public, we would have appreciated having these comments as a blog comment, and not as an internal cross-post in a private corporate blog.  Anyway, let us sum up the key points of the received critique, for the sake of open discussion:

• Data security.
• Malware infestation and distribution to third parties using cloud virtual premises.
• Local malware infestation (on the application provider premises)
• Vulnerability exploitation on the app-provider’s Cloud virtual computers.
• Can we implement multilevel security on virtual premises? What would be the equivalent of keeping our most precious data on a separate network that doesn’t have external access on a system where, by definition, everything must be accessible over the network?

This critique effectively pinpoints the problem of hosting an application in a public Cloud, when we would never host it in a traditional hosting environment of let open Internet access to it.We believe, however, that the authors of this critique did not finished reading the whole sentence or misunderstood our words, so let us reemphasize some sentences from the previous post:

•  ”these concerns are not inherent to the Cloud underlying technologies themselves“
• “(some security concerns) do not add any security breach to Internet-hosted applications”
  

Thus, what we mean to say is not that the Cloud does not have any security issue, but rather, it is not much different from any outsourcing solution you may already have. In other words, if your application is not ready to go to an external hosting environment (for security reasons), then you should give up going to the “advanced hosting” a public IaaS-Cloud offers. Thus, our statement that the Cloud does not add anything new to already Internet-hosted applications holds 100% true.

These security concerns about the Cloud are not different to those you may have in any hosting environment. Moreover, Clouds are wrongly assumed to be necessarily public and third-party provided. On the contrary, we can already count on some Open source implementations to build our own private Cloud (in our own premises!! and controlling the underlying network!!), such as Eucalyptus and OpenNebula (Spanish technology).

We hope this post helps understand, as we have been saying since the blog was created, that not all the applications are well suited for a public Cloud, security reasons are a factor, but there are way too many to be thoughtfully considered (such as economical factors, forensics, etc ).