Top 5 Challenges to Cloud Computing
In my previous post, we looked at understanding the
different adoption patterns – i.e. how customers are turning towards
cloud. Some of the key reasons for the
“why” are listed below:
- Ease of deployment
- More flexibility in
supporting evolving business needs (both from a technical and business
- Lower cost of
- Easier way to scale
and ensure availability and performance
- Overall ease of use
While all of these are good, there are
still many who have yet to get on the cloud computing train. Let’s explore the
key concerns or challenges that make them reluctant to jump in. The
following are inputs that I’ve got from various analyst studies and resources
on the internet.
- Security and Privacy: The topmost concern that everybody seems to agree on
as a challenge with cloud is security. Data security and privacy
concerns rank top on almost all of the surveys. Cloud computing
introduces another level of risk because essential services are often
outsourced to a third party, making it harder to maintain data integrity
and privacy, support data and service availability, and demonstrate compliance.
- Real Benefits / Business Outcome – Though we have several case studies showcasing
the benefits arising out of implementing cloud technologies, some
customers are still not convinced of the possible benefits. Their main
concern is how to realize the investment to its full potential and make cloud
part of their mainstream IT portfolio. Enterprises
need a good view into the real benefits of cloud computing rather than
seeing the potential of cloud computing to add value. The return on
investment (ROI) on cloud needs to be substantiated by comparing specific
metrics of traditional IT with Cloud Computing solutions that can show
savings that demonstrate cost, time, quality, compliance, revenue and
profitability improvement. The cloud ROI model should include things such
as indicators for comparing the availability, performance versus recovery
SLA, Workload-wise assessments, Capex versus Opex costs benefits,
- Service Quality: Service quality is one of the biggest factors that enterprises
cite as a reason for not moving their business applications to cloud. They
feel that the SLAs provided by the cloud providers today are not
sufficient to guarantee the requirements for running production
applications on cloud, especially those related to availability, performance
and scalability. In most cases,
enterprises get refunded for the amount of time the service was down, but
most of the current SLAs don't cover business loss. Without a proper service
quality guarantee, enterprises are not going to host their business-critical
infrastructure in the cloud.
- Performance / Insufficient responsiveness over network: Delivery of
complex services through the network is clearly impossible if the network
bandwidth is not adequate. Many
businesses are waiting for improved bandwidth and lower costs before
they consider moving into the cloud.
Many cloud applications are still too bandwidth intensive.
- Integration: Many applications have complex integration needs to connect to other
cloud applications as well as other on-premise applications. These include integrating existing cloud
applications with existing enterprise applications and data structures.
There is a need to connect the cloud application with the rest of the
enterprise in a simple, quick and cost effective way.
I plan to discuss more on the
perceived and real threats related to Security and Privacy in my subsequent
posts. In my new role as an Architect for IBM Security Solutions,
I’d like to discuss the details of what IBM tools and technologies you could use to overcome the issues.
Meanwhile, keep those comments coming. I look
forward to them to understand what other areas you think are key
concerns to be addressed to accelerate adoption of cloud.
If you haven’t signed up yet, be sure to check out the October cloud computing for developers virtual event. Participants in this two-day event will learn how to leverage the power of the cloud to tackle the toughest business and technical challenges! This two-day event will be packed with real-world examples and live demos of techniques and products – and you’ll see it all without leaving your desk. It's going to be exciting to have you all there with us getting smarter, learning new technical skills to prepare us all for a smarter planet.
Here's some of what's in plan for the event. Remember that you can ask as many questions as you wish to our team of experts about any of our sessions.
- IBM technical experts will kick off the event on day 1 with a session on the IBM development and test cloud and you'll see the cloud in action in a live demo. Our experts will discuss use cases and scenarios that will help you as you develop and test in the cloud.
- Next we'll discuss a roadmap on how you and IBM can move your application to pattern-based middleware and why infrastructure-as-a-service alone is not enough to reduce implementation challenges when making the move to software-as-a-service.
- Then you will learn how IBM's new Cast Iron Cloud Integration Platform has helped hundreds of customers just like you connect their cloud and on-premise applications in just days with its 'configuration, not coding' approach. You will see an engaging live ERP to cloud CRM demo.
- The final day 1 session will demonstrate how to efficiently package middleware and/or applications so that they can be easily deployed into dynamic "cloudified" IT infrastructure. Techniques addressed in this session will include Anatomy of an Open Virtual Appliance, OVA repository and lifecycle, single and multi-image OVAs, best practices and examples of OVF.
That's not all, folks: remember we have a full set of sessions on the 2nd day too. Remember, you'll have to register separately for day 2.
- We'll start the day off showing you how solutions such as eXtreme Scale can scale the database layer. And you'll learn how eXtreme Scale and XC10 help solution-wide HTTP session management, and the WebSphere Application Server dynamic cache service for page fragments.
- Ever wondered why iSeries may be an ideal platform for cloud computing? The next session will show you how iSeries has been architected for applications that can be delivered in a hosted or SaaS environment, drilling down into the capabilities that make IBM iSeries well suited for SaaS.
- I'm sure you will not want to leave before you hear best practices for designing databases for multitenancy and resiliency which is the topic of the next session. Learn about use cases of AWS and DB2 instances, database schemas as well as a demonstration of setting up HADR in the cloud.
- We'll wrap up with a final session examining some technical considerations associated with building a secure application in a cloud environment and then discuss how they can be addressed with IBM products including DataPower, TFIM, TSIEM and TSPM.
We are giving you a choice. Choose the 2-day event best suited to you depending on where you are in the world. Both events will have very similar sessions. Register for the event that is best timed for North American (October 12-13) or European (October 26-27) time zones.
Visit the IBM Cloud for developers group to view the agenda and session descriptions, or register here.
We are looking forward to learning with you, so join us this month to get a little smarter.
The IBM Tech Trends report is out! We asked, you answered. Check out the results of IBM developerWorks' 2011 Tech Trends survey and find out what more than 4,000 IT professionals -- your peers -- have to say about the future of technology, including their opinions on cloud computing, business analytics, mobile computing, and social business.
The report provides insight from the worldwide IT development community into the adoption, preferences and challenges of key enterprise technology trends including cloud, business analytics, mobile computing, and social business. The results also provide guidance on areas where IT professionals like you say they need help with skills to develop new technologies and platforms that will be in demand in the coming years.
As we focus in on cloud, there is absolutely a growing trend in cloud computing to view it as more than just cheap infrastructure. Companies are now exploring the possibility of developing applications in the cloud (you guys are already doing that) many of them related to mobile development.
Currently the biggest challenge is integrating the cloud into application development, as the reduction of operating expenses is the driver of this move. We still have a way to go, however, with 40% of the survey responders saying their company is not yet involved in cloud. Hmm, interesting, right?
The cool news is that 75% of the IT professionals who responded expect this to change over the next two years, with theirs and other enterprises taking to building cloud infrastructure.
Have you checked out the features in the new release of the IBM Smart Business Development and Test on the IBM Cloud? Well you should. Version 1.1 provides support for Virtual Private Networks and Virtual Local Area Networks plus new premium support services are now available. I've heard from my tweeps on Twitter that the new release rocks so had to share the news with all of you in our very cool developer community.
Okay so if you want to realize faster application deployment with reduced costs, you have to check out the IBM Cloud. You virtually have no infrastructure to maintain and benefit from pay-as-you-go pricing. And, you can set up more accurate test environments in minutes versus weeks using standardized configurations. Sound irresistible?
So you ask, what does this new release really mean for me as a developer? Well here's a quick summary of what Version 1.1 has to offer:
- Security is a top priority: you can now use a VPN to access your machine instances on the IBM Cloud to provide virtual network isolation of your instances. Each VPN service consists of a private virtual LAN (VLAN) in an IBM Cloud Center of your choice plus a VPN gateway for accessing that VLAN. Pretty cool!
- In addition, the VPN option allows isolation of your development and test environment on the IBM Cloud on a VLAN that only you can access. Plus your instance is not accessible from the Internet or from other instances unless you have provisioned them to use your private VLAN. Very secure.
- New premium support services have been added. On top of the existing tech support, you may also purchase premium levels of support that include around-the-clock telephone support and a web-based ticketing system to submit and review service requests plus remote technical support to assist you in the use of the Cloud web portal, access to services, instance creation, and image management functions within the portal. And you have the ability to add Linux operating support for Linux OS provisioned through the Cloud web portal, including support for virtual machine instances. This is really awesome.
Want to know more? Listen to IBM Cloud expert Brian Snitzer talk about the changes in release 1.1.
Then you'll want to check out the web site for IBM Smart Business Development and Test on the IBM Cloud to see how you can get started - you can request a contract right from the web page.
And once you get signed up, take advantage of the IBM developerWorks cloud computing resource center to keep up with technical knowledge on cloud application and services development and deployment and tools you can use to make your life easier.
Follow me on Twitter to get the latest on technical cloud resources, events and more.
Understanding the Cloud Adoption Patterns
I discussed The Next Big Thing – Cloud enabled
business model Innovation in my previous post. But you may be asking, where do I
start? That’s where I guess the Cloud
Adoption Patterns work that IBM has pioneered is going to help. This is some
great analysis, Cloud Adoption
Patterns, that IBM has done based on thousands of cloud engagements that we
have done so far. This analysis is a good abstraction of the ways organizations
are consuming cloud -- a good starting / entry point for discussions on cloud.
The four most common entry points to cloud solutions are discussed in the
picture above. I love these videos on YouTube - Cloud Adoption
Patterns - that tell you the essence of these patterns in less than 2 minutes.
- Data Center – to achieve better return on investment and manage
complexity by extending virtualization well beyond just hardware consolidation.
- Platform Services – to accelerate time-to-market by creating, deploying
and managing cloud applications.
- Solutions on Cloud – to access enterprise-level capabilities through a
provider’s applications running on a cloud infrastructure; to improve
innovation and flexibility while minimizing risk and capital expense.
- Service Provider – to innovate with new business models by building,
extending, enabling and marketing cloud services.
For each of these patterns of cloud adoption, we have defined a set of
proven projects that it supports with software, services and solutions to help
businesses streamline the implementation of their chosen cloud capabilities.
The Cloud
Enabled Data Center pattern is the case for most private cloud
implementations. Most customers start with providing infrastructure as a service
on the cloud. This pattern also discusses how we can share infrastructure
across multiple projects and drive benefits.
It also discusses the extensive automation of operational and business
processes that makes it possible to have a responsive IT department that can help the
business to be agile.
The next level of gain or reuse would be to run your workloads on a shared
stack of middleware. Platform
as a Service Pattern is an integrated stack of middleware that is optimized
to execute and manage different workloads, for example, batch, business process
management and analytics. This middleware stack standardizes and automates a
common set of topologies and workloads, providing businesses with elasticity,
efficiency and automated workload management. A cloud platform dynamically
adjusts workload and infrastructure characteristics to meet business priorities
and service level agreements. Having all the layers below understand what workloads
are running on top of them and optimize themselves is going to help run these
workloads more efficiently and at a lower cost.
The Cloud Platform Services adoption pattern can improve developer
productivity by eliminating the need to work at the image level so that
developers can instead concentrate on application development.
solutions pattern maps to the SaaS model where you leverage cloud to innovate with speed and efficiency to drive
sales and profitability. Here we
look at creating and consuming business solutions on the cloud. Some of the key
offerings in this space are things like business process design, social and
collaboration tools, supply chain and inventory, digital marketing
optimization, B2B integration services etc. These generic services consumed
from the cloud relieve you of the pain of setting things up from scratch as
well as enabling you to scale based on your demands.
Cloud Service Provider (CSP) Pattern is the one that most of the Telcos
adopt when they have to service multiple consumers with a single cloud
solution. We provide tools and technologies to design and deploy highly secure,
multi-tenant cloud services infrastructure that can integrate nicely with
plenty of 3rd party applications.
As we understand it, the IaaS pattern is easy to do and there is more
work to do when we implement the SaaS or CSP patterns. But the gain is greater when we
do sharing at the software or application level. Depending on where you are in
your current IT environment, you can pick up and implement any of these
patterns that suit you. The work that we have done to analyse these patterns
and provide a consistent set of technologies and tools to build out these
patterns should make life easy for you. Leverage it – less pain and more to gain.
Chapter 11 – Self Service Portal & Service Catalog
One of the key aspects of cloud service management is the
automation to ensure that you can manage huge and growing infrastructures while
controlling cost and quality. To attain this goal, we need a Self Service
Portal and a Service Catalog. Results show that with these components in place
the wait time for services has decreased by an average of 98%.
Traditional processes would require you to fill out a paper
and put it through the approval processes. Finally the capex is approved and
the order is placed for the hardware and software. Also you will be required to constantly
follow up with the IT Provider teams to know the status of the hardware/software
availability, their installation and provisioning, etc. Most often even if all the details are
provided correctly upfront, there are chances of errors in the hardware and
software provisioning as the process is manual.
With the Self-Service Portal these requests and their
tracking are automated. You can track
the status of the workflow online. Ask for services when you need them and most
of it is provisioned automatically through workflows implemented. There is less
chance for error and faster provisioning with Self-Service Portal and the
Thus the Self-Service GUI allows end users to request IT
Resources and optionally automatically fulfill that request.
Tivoli Service Automation Manager provides a set of
pre-defined services for Virtual Server Management. These are available as part
of a service catalog that is accessible to end users through the Self-Service
UI. The Self-Service
Virtual Server Management functionality addresses a long-standing need by
data centers to efficiently manage the self-service deployment of virtual
servers and associated software. Using a set of simple, point-and-click tools,
an end user can select a software stack and have the software automatically
installed or uninstalled in a virtual host that is automatically provisioned.
These tools integrate with IBM Tivoli Service Request
Manager to provide a self-service portal for reserving, provisioning, recycling,
and modifying virtual servers, and working with server images, in the following
platform environments in a virtualized non-production lab (VNPL). This
functionality ensures the integrity of fulfillment operations that involve a
wide range of resource actions.
These capabilities enable you to achieve incremental value
by adopting a self-service virtual server provisioning process, growing and
adapting the process at your own pace, and adding task automation to further
reduce labor costs around defined provisioning needs.
Before users in the data center can create and provision
virtual servers, administrators perform a set of setup tasks, including
configuring the integration; setting up the virtualization environments managed
by the various hypervisors and running a Tivoli Provisioning Manager discovery
to discover servers and images across the data center.
After this initial setup has been completed, the
administrator associates the virtual server offerings with Tivoli Provisioning
Manager virtual server templates. In addition, the Image Library is used as the
source for software images to be used in provisioning the virtual servers.
Data center users who have Cloud Admin rights can use the
Service Automation Manager Offering Catalog application to create and provision
virtual server deployments.
The Offering Catalog application contains all the
offerings that are available to the end user. There are steps that you need to
perform on the catalog that will make specific offerings visible to specific
end user groups. The end user interface
is a Web 2.0 interface which can be edited to expose it via a Service Catalog.
The Web 2.0 UI is designed in an extensible, modular way that allows for
programmatically extending it.
Tivoli Service Automation Manager defines security groups
that are used to provide role-based functions that can be performed via the
administrative user interface or the self-service user interface. We will
discuss the User access management for the Self-Service Virtual Server
Provisioning component in the next chapter.
With the recent exploration of cloud computing technologies, organizations are using cloud service models like infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS) along with cloud deployment models (public, private and hybrid) to deploy their applications.
There is a concept in the cloud world that is based on application characteristics: the concept of cloud-enabled and cloud-centric applications. In this blog post, Dan Boulia provides a concise explanation about the concept.
You can say that a cloud-enabled application is an application that was moved to cloud, but it was originally developed for deployment in a traditional data center. Some characteristics of the application had to be changed or customized for the cloud. On the other hand, a cloud-centric application (also known as cloud-native and cloud-ready) is an application that was developed with the cloud principles of multi-tenancy, elastic scaling and easy integration and administration in its design.
When developing an application that will be deployed in the cloud, you must keep the cloud principles in mind. They should be taken into account as part of the application. So we come to the first point: Is it better to work within an existing application or to completely redesign it? There is no exact answer because it depends. You have to evaluate the level of effort (labor, time and cost) to transform the application into cloud-enabled versus the effort to completely redesign it to a cloud-centric application.
The second point is: Will my cloud-enabled application work better than a new cloud-centric application? Here I would say no. It’s rare to find an existing traditional application that was developed with any of the cloud principles in mind. It may be possible to construct the same feel (for the user) as a cloud-centric application, but it will not function the same way internally.
Changing an existing application could be easier since you already have the skills and tools in the organization and you won’t need to learn any new technology. However, while it may be easier to change the application, in the long term it will be harder to maintain. New technologies (social media, mobile, sensors) continue to appear and it is becoming more important to integrate them. Doing this will require additional and continuous effort and may exponentially increase development and supporting costs.
Now comes the third point: What can you use to help expedite the move or redevelopment of an existing application to a cloud-centric model? Many cloud companies have development tools that can help an organization on this path. For instance, IBM has recently announced IBM Bluemix, a development platform to create cloud-centric applications. Shamim Hossain explains the capabilities in more detail in his blog post. Another option is to use IBM PureApplication System to expedite the development.
I discussed some points here that I hope can provide a better understanding of an important concept in cloud computing and how to address it. Let me know your thoughts on it! Follow me on Twitter @varga_sergio to talk more about it.
Infrastructure Security Design (Public Clouds)
As we discussed in my previous post, transparency or more
control is the need of the hour with regard to security on the cloud. Let us examine how this is done by the popular
cloud providers and understand the methods and the technologies. We need to
secure the infrastructure, network, endpoints, applications, processes, data,
and information, and overall have governance in place to mitigate risk and meet
compliance requirements. Let us take the infrastructure to begin with.
The key areas for a security team to design for with regards
to infrastructure security are
logs on all resources – VMs and hypervisors
Let us start looking at the public cloud implementations to
understand how they are managing these aspects.
Almost all the vendors – IBM, Amazon,
provide a means to do SSH with keys to the Guest OS. The protocol runs over SSL
and is authenticated with a certificate and private key which could be
generated by the customer.
SmartCloud is designed with enterprise security as a top priority. Access
to the infrastructure self-service portal and application programming interface
(API) is restricted to users with an IBM Web Identity. The infrastructure
complies with IBM security policies, including regular security scans and controlled
administrative actions and operations. Within our delivery centres, customer
data and virtual machines are kept in the data centre where provisioned, and
the physical security is the same as that for IBM’s own internal data centres. With the virtual private network (VPN) option,
customers can isolate their servers in the IBM SmartCloud on a virtual local
area network (VLAN) that can act as an extension of their internal network.
This VPN capability can also be used to create security zones in an Internet-facing
configuration to better protect their servers against attacks.
IBM LotusLive employs a security approach based on
three pillars that includes ensuring a security-rich infrastructure.
security: Making personnel
roles across LotusLive and their access authorizations are recorded in a
Separation of Duty matrix.
security-rich infrastructure: Security configuration reviews
and periodic vulnerability scanning of all systems and infrastructure.
enforcement points providing application security: multi-layered
compliance with periodic programs that address all elements of the service
We will see how the infrastructure
security aspects are dealt with for private clouds in my next post. Stay tuned
and keep those comments coming. I had some of my readers tell me that the blog
entries are not showing up fine on Internet explorer. While I will make the
effort to fix the issue, please use Firefox or any other browser in the
And if you find these posts interesting, don't forget to rate the post (click on the stars), and if you've got an extra minute, do put in a comment on what aspects you find interesting or need discussion.
Chapter 14 - Management Platform & Managed Environments
To design a good cloud management platform we need to
understand the managed environment. As we know, the workloads would include
not only stuff running on virtual infrastructure but also traditional
infrastructure. So we need to design a management platform that can support
delivery of traditional services as well as cloud services.
The advantage of using the IBM reference architecture (refer to the
previous chapter) is that we keep the service management cost to a minimum and are
able to manage multiple services (IaaS, PaaS, SaaS, Traditional Services)
through a single management platform (Common Cloud Management Platform).
The design of the management platform is mainly driven by
what platforms we need to manage as well as the services we have to deliver.
The core components of the management platform are determined by the amount of
service automation expected to be provided by the platform.
The cloud management platform can be thought of like a
Service Delivery Platform as applied to Telecommunication industries. The term Service Delivery
Platform (SDP) usually refers to a set of components that provides a
services delivery architecture (such as service creation, session control &
protocols) supporting multiple delivery models of service.
The core components can be again classified into the
business support (BSS) components and the operational support (OSS) components. The
business components include ways to manage the customer, subscription, offering
& catalog, contract, order, billing, and financial aspects of the platform.
The OSS deals
with the backend aspects of fulfilling the service request. So it includes
components like service automation, provisioning, monitoring and management.
The IBM Tivoli suite of products supports addressing almost
all of the OSS
requirements as well as some of the key components in the BSS components. As an
architect, the key decisions to take are to look at the capabilities required
based on the client needs and create a platform that is extensible. This needs to be done keeping flexibility in
mind which means you have the capability to add and remove components to
support different capabilities. In an
established and mature data center, it is highly
unlikely that all these components are delivered by a single vendor. That’s why
an architecture built on open standards is critical to the success of building
a good management platform.
IBM is leading the efforts for adoption of standards by
different cloud providers, consumers and tools vendors. The work being done by
IBM with the Open Group and the Cloud Standards Customer Council are
some examples of this.
Once we have determined the functional components of our
solution we need to worry about the non-functional requirements. These include
aspects like security, availability, resiliency, performance, scalability,
capacity planning and sizing. We will
need to determine these aspects for the management platform based on the size
and heterogeneity of the managed environment. We will discuss these aspects in
the next chapter.
Possible Solution for Mullaperiyar Dam Issue?
While I’m writing this blog, the Ministers of Tamil Nadu and
Kerala are having a meeting
with the Prime Minister to discuss the contentious issue of Mullaperiyar at length.
For those who don’t know about this issue, this is about the Mullaperiyar Dam in
Mullaperiyar Dam is a masonry gravity dam over River Periyar and operated
by the Government of Tamil Nadu based on
a 999-year lease agreement. The catchment areas and river basin of River
Periyar downstream include five Districts of Central Kerala, namely Idukki,
Kottayam, Ernakulam, Alappuzha and Trissur with a total population of around
This dam is at the centre stage again in the wake of reports that
the dam is weakening due to an increase in incidents of tremor in Idukki district
in Kerala. Ministers from Kerala are seeking Central Government intervention in
ensuring the safety of the dam. At the same time, Tamil Nadu is insisting on
increasing the water level in the reservoir for enhancing water supply to the
state. While Tamil Nadu wants to increase the water-level in the reservoir,
Kerala has been insisting that it be reduced from the current 136 feet to 120
Currently I don’t think we have clear metrics on the exact usage
of water by each state, what is the right level of water to be retained by the dam,
what are the risks etc. We have been relying on data that we have from the
However you look at it -- whether too much or not enough,
the world needs a smarter way to think about water. We need to look at the
subject holistically with all the other considerations as well. We use water
for more than drinking. We need to make an inventory of how much water we get
and how it is used – by industries, irrigation, etc.
This is where I think we need smarter ways to manage the water in the best possible way that addresses both states
Smarter Water Management can help us think in a smarter way about water. For
instance IBM is helping
the Beacon Institute to do source-to-sea real-time monitoring network for New York’s Hudson
and St. Lawrence Rivers as well as report on conditions and threats in real
time. There are many other case studies across the globe on IBM Smarter Water
Those interested in the problem and the possible solutions should
definitely read IBM’s broader outlook on Water Management as covered in the Global Innovation Outlook.
for Tomorrow is another interesting partnership between IBM and The Nature
Conservancy. IBM is providing a state-of-the-art support system for a free,
online application that will provide easy access to data and computer models to
help watershed managers assess how land use affects water quality.
Though it's a worldwide entity, water is treated as a regional
issue. I think we should try putting technology to use to solve our water problems.
The solution should be a more instrumented, interconnected and intelligent system
that not only takes into consideration the real-time monitoring of the river
but also includes early warning systems to notify risks related to earthquakes
etc. IBM’s Strategic
Water Management Solutions include offerings to help governments, water
utilities, and companies monitor and manage water more effectively. The IBM
Strategic Water Information Management (SWIM) solutions platform is both an
information architecture and an intelligent infrastructure that enables
continuous automated sensing, monitoring, and decision support for water
You might be wondering what this has to do with cloud and why this post is on
Cloud Computing Central. For these solutions and platforms to be successful, it
is highly important that we have energy-efficient high-performance computing
platforms and complex sensor, metering, and actuator networks. Such platform
needs, and the flexibility to run the solution on-premise as well as
leverage different delivery models, can only be supported through a cloud.
I think we should just leverage these solutions on the cloud to
solve this issue and keep all the states and their people happy :-).
Cloud Service Provider Platform (CSP2)
Till now, through the earlier posts, we have seen the essentials
of creating a cloud environment, which consists of the management
platform as well as the managed environment. We have seen the critical
roles and organizations involved as well as the importance of Cloud
Service Strategy and Cloud
Service Design. We also saw the criticality of a Cloud
Computing Reference Architecture (CCRA) to tie all the solution elements
together. We also saw how IBM
Service Delivery Manager (ISDM), an enterprise cloud solution based
on Tivoli Service Automation Manager (TSAM), can be deployed as a set of virtual
images that automate IT service deployment and provide resource monitoring,
cost management, and provisioning of services in the cloud.
Cloud Service Provider Platform (CSP2) is a carrier grade cloud offering
that contains enhancements over the base ISDM solution to provide a
multi-tenancy environment that allows both internal and external users to exist
on the same cloud and management platforms. IBM's new CSP2 platform provides
cloud services such as desktop management to influence the cloud based business
strategy of communications service providers.
Cloud Service Provider Platform is specifically tailored to the needs of CSPs
and is designed to help them successfully:
- Create cloud services that
harness the strengths of a diverse partner ecosystem and rapidly enable
applications and solutions to extend their market reach.
- Manage cloud services quickly
and easily with an open, carrier-grade, secure, scalable, automated and
integrated service management solution.
- Monetize cloud services by
leveraging business intelligence and analytics to achieve differentiation,
maximize revenue and enhance the customer experience.
Figure 1 IBM Integrated Service
Management Solution for Cloud Service Providers
IBM Cloud Service Provider Platform, an integrated service management solution for
cloud service providers, is built around a core Service
Automation and Management component provided by ISDM. Beyond the core, IBM’s Integrated Service
Management for Cloud Service Providers makes available four extensions—network
management, and advanced
monitoring and service level management—that enables a comprehensive
Communications service providers (CSPs) around the world are
looking for smarter ways of doing business. They are being challenged to
transform the way services are created, managed, and delivered. CSP2 neatly
integrates and extends the SPDE (Service Provider Delivery Environment) for
Communication Service Providers to build the ecosystem to become a cloud
service provider. For a cloud based
business strategy - check out the video from Scott on the
value of CSP2 for CSPs.
Today IBM announced new cloud computing initiatives for Business Partners. One is the IBM Cloud Computing Specialty,
a single program to develop the IT industry's broadest ecosystem of companies working together to provide a wide range of cloud computing services and technologies for clients of all sizes and industries. The second is the IBM Software Value Plus Cloud Computing Authorization
for software resellers.
Both these initiatives are complementary. IBM Business Partners with an SVP Cloud
Authorization will have completed the IBM Software skills required for the Cloud Specialty. While the IBM Cloud Specialty focuses on the
development and promotion of top cloud Business Partners, the new authorization is an
extension of the IBM Software Value Plus program, specifically for IBM software Business Partners that have built and demonstrated specialty skills, and then
receive financial incentives as resellers of IBM's software portfolio.
You may recall the recent IBM developerWorks survey of more than 2,000 IT professionals worldwide showed 91 percent believe cloud computing will overtake on-premise computing as the primary way organizations acquire by 2015. Industry analysts have also said that the cloud opportunity is expected to more than double in the next few years.
The announcements today certainly bolster IBM's continued leadership in the growing cloud computing opportunity.
And IBM developerWorks continues to be committed to being your source for the technical resources to build your cloud skills to ensure you can participate in the coming opportunities. The Cloud zone on IBM developerWorks offers the ability to collaborate with peers to solve your development issues and excel with cloud computing so that you can be in lock step with the new opportunities that are expected to arise with the growing cloud computing opportunity.
It's an exciting space; grow your knowledge to participate in the smarter planet.
Securing the Cloud – What are the top concerns?
IT Security is a well-researched and
mature area. The reason why we have enterprises doing commerce over the web
today is that IT Security practices, tools and technologies have matured to
establish the trust and have overcome the
concerns. As with most new technology paradigms, security concerns surrounding
cloud computing have become the most widely talked about inhibitor of
widespread usage, as discussed in my previous post.
To gain the trust of organizations,
cloud services must deliver security and privacy that meet or
exceed what is available in traditional IT environments. Let us discuss what
the top security concerns are when it comes to cloud.
Transparency or Less Control
If we look at the security and
privacy domains in cloud, they are no different from the traditional domains.
We need to secure the infrastructure, network, endpoints, applications,
processes, data, and information, and overall have governance in place to mitigate the
risk and meet compliance requirements. But in a cloud environment, access expands,
responsibilities change, control shifts, and the speed of provisioning
resources and applications increases, greatly affecting all these aspects of
IT security. The different cloud deployment models, such as public, private and
hybrid clouds, also change the way we need to think about security. The
responsibilities are spread across Consumers, Service Resellers and Providers.
The immediate risk of this shared responsibility is that nobody gets a
holistic view of the security, and so there is less customization of any security
controls. Consumers need visibility into day-to-day operations as well as
access to logs and policies. This lack of visibility or transparency is
mostly the topmost concern, shared universally.
Data and Information Security
The next primary concern that
customers mention related to security on the cloud is related to data and
information security. The specific concerns include:
- Protection of intellectual property and data
- Ability to enforce regulatory or contractual obligations
- Unauthorized use of data
- Confidentiality of data
- Availability of data
- Integrity of data
A shared, multi-tenant
infrastructure increases the potential for unauthorized exposure, especially in the
case of public-facing clouds. Security administrators need to worry about
designing security for applications and data that are publicly exposed and
can potentially be accessed by anybody on the internet.
Different industries and geographies have different regulations
and rules that they need to comply with, depending on the workloads and data they
put on the cloud. Complying with SOX,
HIPAA and other regulations is one risk or issue because of which customers
are not ready to put their applications on the cloud. Cloud or no cloud,
comprehensive auditing capabilities are essential for these sorts of workloads.
Security Management - Methods and Tools
Finally, customers would need to know how today’s enterprise
security controls are represented in the cloud.
They need to understand how security events are monitored and correlated,
and how actions are taken when needed to keep their infrastructure, workload and data
safe. Security getting in the way of high availability is another key
concern. IT departments worry about a
loss of service should outages occur because of security reasons. If so, when
running mission-critical applications, how soon you can get the environment back
at the same level of security is the priority.
Until all of these concerns are addressed, and without strong
availability guarantees, customers may not be ready to run their apps in the
cloud. But things are not as bad as we might think. We will discuss how these
aspects can be addressed and what tools and technologies to put to use in the
Meanwhile I recommend that you read this very interesting whitepaper
on “Cloud Security Who do you trust?” which discusses all of these aspects
in detail as well as the different security challenges that security
Capacity Planning for the Management Platform
Management platform sizing means sizing the following components, which provide
the functional capabilities:
- Service Request Management
- Service Automation
- Service Provisioning
- Service Monitoring &
- Service Level Management
- Service Usage & Accounting
Sizing will be affected by the non-functional considerations that need to
be addressed by each of these components of the management platform. One should review the performance reports and workload pattern/handling capabilities of each of the products selected to
validate that the sizing considered can meet the non-functional requirements requested by the solution.
The size of the management platform depends on the size of the managed environment. It is
preferred to keep a centralized management environment and scale it as needed
when the managed environment grows. This is often not an easy calculation or a simple process; the capacity for each capability has to be planned with pure engineering. Apart from the capabilities discussed above, the following key areas also need to be covered:
- Asset Management
- Energy Management
- Network Management
- Security Management
- Storage Management
- Service Availability Management
- Virtualization Management
High Availability (HA) consideration is another important aspect to include in the capacity planning. The management platform has to be designed for HA with appropriate policies defined.
In order to size for all these capabilities, you need answers to some very critical questions. The right sizing and capacity planning depend on how well the project can answer them. For example:
- What operations are expected to be performed with management platform?
- What are the average and peak concurrent administrator workloads?
- What is the enterprise network topology?
- What is the expected workload for provisioned virtual servers, and how do they map to the physical configuration?
- For the provisioned servers: What is the distribution size?
- What are the application service level requirements?
Tivoli Service Automation Manager Version 7: Capacity Planning Cookbook is an excellent document covering the various aspects in detail as well as providing some samples.
This book also gives links to some other whitepapers that make for interesting further reading on the subject.
- TPM and TSAM Version 7: Database Configuration and Hygiene Recommendations (Leitch), IBM Integrated Service Management (ISM) Library white paper
- TPM and TSAM Version 7: A DBMS Movement Solution (Leitch, Zhao, Kaye-Cheveldayoff), IBM Integrated Service Management (ISM) Library white paper
- Cloud Service Provider Platform, IBM Service Delivery Manager, and Tivoli Service Automation Manager: High Availability for Cloud Management Platforms (Kaye-Cheveldayoff, Leitch), IBM Integrated Service Management (ISM) Library white paper
- TPM Version 7: Capacity Planning Cookbook (Leitch, Kaye-Cheveldayoff), IBM Integrated Service Management (ISM) Library white paper
- TPM Version 7: A Deployment Engine Cluster Solution (Leitch, Zhao, Postea), IBM Integrated Service Management (ISM) Library white paper
- Cloud Computing Capacity Planning: Maximizing Cloud Value (Vargas, Sherwood), IBM Cloud Labs white paper
- IBM Tivoli Service Management Products Version 7 Best Practices for System Performance White Paper (v1.3), IBM Developer Works white paper
Chapter 19 – Tivoli Process Automation Engine
As we discussed in the previous post, it is important that all the
processes work together to bring successful automation in the cloud management
platform. A process workflow automation
engine is what makes this possible. In this chapter we will discuss more about the Tivoli process automation
engine that forms the base for IBM process automation in the cloud space.
Tivoli process automation engine provides a user interface, configuration services, workflows and the common data system needed
for IBM Service Management products and other services. As we already know, IBM
Service Management (ISM) is a comprehensive and integrated approach for
Service Management, integrating technology, information, processes, and people
to deliver service excellence and operational efficiency and effectiveness for
traditional enterprises, service providers, and mid-size companies. Tivoli process automation engine, previously known as Tivoli base services, provides
the base infrastructure for applications like Tivoli Maximo Asset Management,
Change and Configuration Manager Database (CCMDB), Tivoli Service Request
Manager (SRM), Tivoli Asset Management for IT (TAMIT), Tivoli Provisioning
Manager as well as Tivoli Service Automation Manager. Any product that has the Tivoli process automation engine as its foundation can be
installed with any other product that has the Tivoli process automation engine.
Service Management (ISM) comprises
Management that integrates and automates IT management processes
Management that integrates people, processes, information and technology
for real business results
Management to automate tasks to address application or business service
operational management challenges
By having a common process automation engine,
we can successfully link Operational and Business services with Infrastructure
through a single (J2EE) platform. We can also leverage current investments
by linking this engine with existing process automation technologies and
products. So by building a unified platform
to automate processes, we have taken data integration to the next level, where sharing
data between applications has never been easier. This integrated process automation platform can
support the repeatable IT functions like Incident Management, Problem
Management, Change Management, Configuration Management all the way through to
Release Management. All of these processes tie into the CMDB where they share
consistent data via bidirectional integration. The platform supports best
practices such as ITIL and other industry best practices. This facilitates an automated approach across
the IT management lifecycle. It also forms the basis for automating
repetitive tasks that can be handled by the system instead of requiring (costly) human
intervention. TPAE, through its adapters, provides data federation from multiple
sources that you already have, translating the information into usable data
that can be leveraged by internal processes and workflows.
Figure 1 Tivoli process automation integrated portfolio
Process Automation Engine Wiki provides details on each of the components
and capabilities that make up this integrated portfolio.
Study Guide Series: Foundations of Tivoli Process Automation Engine is an IBM® Redbooks publication that can
guide you to get an IBM
Professional Certification on Tivoli Process Automation Engine.