Twitter: Is the Cloud Computing conversation nothing more than vendor PR?
I am a big fan of social media, especially Twitter. I have used Twitter to engage in conversations with fellow enterprise architects, CTOs, CIOs, vendors, and industry analysts to name a few. Most of what I troll Twitter for are conversations about EA, SOA, and Cloud Computing. Lately, the Twitter stream has been adding little to no value on these topics. Most of the chatter that comes across my Twitter client is a rehashing of what is being said at conferences. It seems that there are at least one, if not more, cloud computing conferences each week. Even the conferences that are not about cloud computing still manage to talk about the cloud. After all, if you are a vendor and you are not talking cloud, you are outdated (or so it seems).
Source: http://www.frontpagepr.com/public_relations/
So my Twitter stream is full of “new” information about the cloud. Vendors sponsor conferences, supply most of the keynotes and other sessions, and all of the attendees blog and/or tweet about it. Many of the people up on the grand stage can’t even define the terms correctly yet all of the trade magazines reiterate what they say to all of us who are not there. This leads to mass confusion because unqualified speakers are talking in riddles and peddling their snake oil to the hungry masses looking for information.
If you have been following the chatter the last few weeks, you might think that the top cloud computing vendors are HP, IBM, and Oracle. The reality is that these mega vendors have been on a huge PR mission and have dominated the conferences, thus dominating the conversation on Twitter and on blogs. For those of us who are actually working hands-on with cloud computing each day and solving real business problems, we know that these three vendors are not even close to the top of the cloud computing list in the areas of innovation, real customer installations, and maturity. Companies like Amazon, 3Tera, Google, Salesforce, GoGrid, and many others are light years ahead. Companies like iBM, Oracle, EMC, HP are retrofitting existing products and selling them as cloud solutions.
But try to have a real conversation on Twitter about cloud computing and you will be sorely disappointed. There are some great folks out there in the area of security and compliance. I actually see some value in those conversations once you sift through the hype and myths. But when it comes to architecture and deployments in the cloud, there is complete silence out there. I feel like I am stranded on an island looking for the ship to arrive. Where are the practitioners? Are there any? The cloud conversation is just pure conference regurgitation. There seems to be more cloud computing conferences then there are cloud computing case studies. When I do see an EA type talking about the cloud the message is usually, “Cloud computing has been around for years. This is nothing new”. When I hear that I respond with, “Phones have been around for years, but you can’t tell me that the iPhone and the Blackberry have not radically changed the way we do business”. This is true for the cloud. Yes, we have been outsourcing data centers for years, but the technological advancements over the years have driven costs way down and has made managing and deploying cloud resources much simpler than in the past. Today’s cloud is as much as a game changer as the Internet was when it bursted onto the scene in corporate offices in the early 90’s.
So as a CTO/architect who still rolls up his sleeves and designs things, I am seeing a huge void in finding valuable information about cloud computing. I don’t see any enterprise level case studies. I hear vendors talking the talk, but they have no real results to support all of their hot air. I see the analysts and bloggers repeating what vendors say which is mostly product specific. There is a lot of talk about what to do, but very few are talking about how to do it and sharing the hard fought lessons learned along the way. Maybe I am expecting too much from Twitter. Maybe the people with all the answers I seek are too busy building things to be tweeting all day. Maybe Twitter and Blogs are the wrong place to look for answers. Maybe I just need to figure everything out myself (which has been the case so far). Maybe Twitter is just the perfect PR machine for vendors and a bad place for practitioners to collaborate.
Maybe I just need a vacation!
Architecting the Cloud: Testing performance in your cloud application
When I talk about architecting in the cloud, I am referring to building composite applications or services from scratch with the cloud as the target deployment platform. So as you read this post think about an enterprise application or collection of services build for the cloud. In previous posts I have referenced a hybrid cloud model like the one below:
 |
| From Cloud Computing |
In this model, there are many requirements in the architecture that are specific to security, compliance, reliability, and scalability and are independent of the business functionality that will be deployed in the cloud. If you look at the image above, you will see many different endpoints where data moves from one cloud to the next, to SaaS solutions, and between virtual data centers. I call this the Cloud Infrastructure.
These requirements are also critical to the flow of data through out the cloud. Encryption, transformation, replication, backup/recovery, and many other tasks are key deliverables within any good cloud architecture. Then comes the services that transport business logic in and out of the cloud while inheriting the cloud infrastructure and data services that should be built for reuse. The following image shows a simple view of the separate performance layers of the cloud architecture and the order in which they should be tested.
 |
| From Cloud Computing |
The first thing to do is test the performance of your cloud vendor(s). Looking at the hybrid cloud image above, I would test the flow of data from the different endpoints. At this point there is no need to worry about encryption, transformation, business logic, etc. When testing the Cloud Infrastructure you should be testing the performance of the platform that the cloud vendor is providing. Do not add variables that are specific to the business problems you are trying to solve. For a hybrid solution, test the private and public clouds separately. Your tests should run for several hours with varying size loads. You need to ensure that the cloud can sustain heavy loads, handle concurrency, and consistently deliver solid performance for all transactions. Testing at this level will also help identify configuration and optimization opportunities for each cloud vendor. Once both the public and private cloud infrastructure is tested, then test the intercloud connectivity between them. Make sure this connection is not a bottleneck.
Once you are satisfied with the performance of your hybrid cloud, it is time to analyze the impact of encryption, transformation, data replication, and the various ways that data is being manipulated to address security, compliance, reliability, and scalability requirements. It is critical to understand the impact of these requirements on the overall performance of the system. If you skip this step, finding performance issues later can be like finding a needle in a haystack. People can waste a lot of time searching for performance issues in the business logic when the problem may be in the data layer. Manipulating data can be resource intensive and a potential bottle neck of the overall architecture. Spend some time testing this layer before overlaying it with business logic.
So now you feel good about the Cloud Infrastructure and you have iterated through the design of all of the data manipulation requirements. You now have a solid foundation for your business services. You can focus all of your energy on the the performance of your services. Test each service individually first. Then test the flow of data through the various combinations of service calls that the system is expected to perform. Put these services through rigorous testing and measure their performance for load, sustainability, concurrency, etc.
After the business logic has met the performance requirements, it is time to test the systems as a whole. Up to this point you have tested the system at different layers within the architecture and at different components within the layers. Now it is time to test the system holistically and in the eyes of the end user. It would be very expensive to find performance issues from the lower levels of the architecture at this point. That is why I recommend the layered approach to performance testing. What I also like about this approach is that you can start testing very early in the life cycle. For example, you can test the performance of the Cloud Infrastructure way before the development team delivers the business logic. This approach is iterative and agile and aims at removing performance risks earlier in the lifecycle thus reducing the risk of project delays.
Struggling for an ROI? Why not practice EA?
I have read many articles giving advice on how to sell a technology to the business. It seems that the ROI is a hard thing to derive and explain in business terms these days. You see it with SOA, Cloud Computing, Social Computing, and even with security (yes, having to prove the value of security)! Being a practitioner and addict of Enterprise Architecture, I find this method of thinking to be amusing and even backwards. It sounds to me like people have a technical solution and are now looking for a problem to solve with it. It needs to work the other way around!
I have also read many articles about business and IT alignment, or lack of. Well, coming to the business with technical solutions asking for help to justify them with business drivers is not alignment. Alignment is being a participant along side the business solving business problems. This is what Enterprise Architecture (EA) is all about. EA is all about understanding the business and then aligning the proper technologies to help the business achieve its goals. EA should not be a bunch of non business speaking geeks setting standards and creating pretty pictures on the plotter (aka Ivory Tower). The following picture describes how EA sees alignment. Notice that the technical strategy is a business enabler.
Source: Extended Enterprise Architecture Validation Full version.pdf
EA then defines a clear process for helping the enterprise take these strategies and turn them into something actionable and beneficial to the business.
Source: Extended Enterprise Architecture Validation Full version.pdf
The images above comes from the work of Jaap Schekkerman who created the E2AF (Extended Enterprise Architecture Framework) which I am a big fan and user of. As you can see from this process flow, it all starts with the business’s mission, goals, and objectives. From these “business drivers” the enterprise architects already have a view of the things that are important to the business. Then the architects start their analysis by asking the Why, Who, What, How, With What, and When questions for the perspectives of the Business, Information, Systems, and Technology Infrastructure (see image below).
Source: Extended Enterprise Architecture Validation Full version.pdf
A while back, I took the E2AF framework and made a simple downoadable cheat sheet that puts all of the questions in the above matrix into a document. Feel free to use and distribute it.
Whether an enterprise adopts an EA framework or not, there is no excuse for not asking a series of questions like the ones in the cheat sheet for each enterprise initiative. If enterprises would do this, they would find that the combination of questions across the different perspectives would lead them to technology solutions (i.e. SOA, Cloud Computing, etc.) that should support the business’s mission, values, and goals. At this point the ROI should be much easier, because the solutions where driven by the problem statement(s), not the other way around.
In Summary
When you see an IT team constantly struggling to “sell the business” or compute ROI’s, you can bet that they are not aligned with the business. To become truly aligned with the business, a representative of IT or EA must sit at the table with the business execs and be a participant in the strategic planning of the BUSINESS. This person should not be seen as the IT guy/gal, they should be viewed as a business executive. When CIOs don’t value EA or can’t sell the value of EA, they are the IT guy sitting at the table. When they do believe in EA and have built an EA that the business sees value in, then you have alignment. Without this alignment, IT will constantly struggle to sell technical solutions to the business and come up with appealing ROIs.
How Technology is Drastically Changing the Future of Business
Todays announcement of 3Tera’s AppStore is just another mounting piece of evidence of how technology is drastically changing the business landscape of our future. 3Tera joins Amazon in delivering “cloud ready” components that enterprises, big and small, can quickly get up and running with very little upfront costs. Take at look at 3Tera’s website and you see that in Q3 of 2009 they will release many new components..
The AppStore catalog spans all types of data center infrastructure elements and complete applications, from networking components (such as load balancers, firewalls, routers, traffic managers, content switches), server components (such as web servers, directory servers, databases, application servers) and storage solutions, as well as application software stacks, management and monitoring tools.
Expect more software vendors to start partnering with cloud providers like 3Tera and Amazon to create their own cloud ready images on these platforms.
Cloud Computing
So what does this all mean? As the cloud matures over the next several years, the playing field for businesses starts leveling off because of the low cost to entry and the quick time to market that the cloud will be able to offer. Huge capital investments in physical infrastructure will be a thing of the past or left for those with huge amounts of assets still depreciating on the books. But it is not all about the hardware. We are seeing much more enterprise software being “componentized” and delivered as a service. As time goes on, expect the industry to start producing more standards and better interfaces. Integration will become less of a burden as the interfaces become simpler and the industry matures.
Less hardware to buy, patch, and administer coupled with less non-core business software to build will enable startups, small and medium sized businesses, and even large businesses with an agile architecture to move quickly to chase new business opportunities, streamline operational efficiencies, or integrate with partners and/or customers. But there is more to it!
I believe the commoditizing of software and hardware that cloud computing will bring over the next few years will change the way businesses think (see next point).
Standardizing business processes
The ability to outsource business processes to the cloud will force companies to rethink how they view their business processes. Business owners will be forced to justify any exceptions or proprietary processes that prohibit the company from leveraging “cloud ready” business processes. As more companies continue to standardize on business processes, the customer experience becomes more consistent. When this happens, the business processes themselves become a commodity and the importance of customer service rises dramatically. Which leads me to my next point.
Brand Recognition
When the underlying infrastructure, software, and business processes become a commodity, products and services are forced to compete at low prices. This puts many products and services on a level playing field. That increases the importance of the brand which is why companies are investing so much in marketing these days. Expect that trend to go up as the the marketing landscape changes, which leads me to my next point.
Social Marketing
Companies will continue to invest heavily in a toolbox full of social networking tools. Viral social marketing tactics, ones that leverage the power and voice of consumers spreading the word through their own personal networks, will be the tool of choice for marketers. People are watching TV less, reading the paper less, and spending way more time on the Internet. Companies are recognizing this and will continue to target communities on Facebook, Twitter, YouTube, and many others. It is already happening. Look at what Pepsi is doing.
Government Influence
The current administration is a huge advocate of social software and cloud computing. Their use of blogs, Flicker, YouTube, Twitter, Facebook, and streaming video is making these technologies increasing popular. The belief in a more open government is the driving force for the use of these technologies. If the government can implement these technologies, surely our enterprises can. Today the administration went one step further and created Data.Gov (see video below).
This initiative will lead to more standardization in data and data services and will force various agencies and companies to change their existing practices in order to integrate with this massive public data source.
The government also has a huge cloud computing strategy which should help push the industry to standardize and address the challenges of privacy, security, compliance, and integration. The government also has a ton of money behind this initiative which should help drive much more innovation in the cloud computing industry.
There is no denying it
So as we all argue about the value of Twitter, Facebook, Cloud Computing and the like, the reality is that they are drastically changing the way businesses think and act. More importantly, customers and workers are actually finding themselves more productive at home using new technologies and are applying serious pressure to companies to sacrifice controls and security in exchange for empowerment and agility. All of this is creating more demand for architects and security experts, and driving down the demand for system administrators and development. IT jobs are not going away, but the roles are shifting. It may not be evident today but follow the trend over the next few years. Many companies will outsource more IT functions then ever before. Smart companies will internally focus more on innovation and less on keeping the lights on.
I see it all changing right before my eyes. We are in the early stages of this transformation and many folks may disagree with this assessment. I truly believe that this administration’s investment in technology will drastically increase the rate at which businesses transform to a more outsourced, integrated, and socially connected enterprise.
What are your thoughts?
Cloud Computing: A lot of talking, not much walking
I have been to my share of conferences and webinars on cloud computing the last two years and I have also read the content of many colleagues who live blog, blog, and/or tweet at cloud conferences as well. What I am finding is that most of the talking is being done by vendors, analysts, security gurus, and people who just flat our resist change. All four of these perspectives are extremely important, but the missing perspective is the one from architects who are actually building enterprise solutions in the cloud. Rewind about four or five years and this is very familiar to the early SOA days.
To make matters worse, I am not convinced that many of the vendors are clear on what cloud computing is. Every day I read blogs and tweets where people are arguing what the definitions mean, what the pros and cons are, and if the cloud is even secure enough to consider for anything mission critical. There is a heck of a lot of talking going on that’s for sure. But how many of those talking the talk are walking the walk? Which brings me to the question, “If you haven’t got your hands dirty, why should I listen to you?”
I think the issue is that we are so early in the hype cycle that many enterprises are taking the wait and see approach. Others are using the cloud for simple projects that don’t require architectural changes. Also, many early adopters are startups and small businesses who don’t typically spend a great deal of time focusing on architecture anyways.
I am calling out to my fellow cloud practitioners to start sharing your lessons learned evaluating cloud computing or implementing systems or services in the cloud. Right now there is too much vendor influence. Most of the information the analysts are discussing is being sourced from vendor conferences, blogs, or PR calls. Without hearing the voice of reality from practitioners, we could be setting ourselves for failure like we have seen with big SOA initiatives over the past few years. I have been sharing as much information about our hybrid cloud solution as I can without giving away company secrets (it’s a fine line to walk). But I am not finding a lot of other blogs sharing design concepts or lessons learned. If you know of some please let me know.
So I am begging the vendors and analysts who are out on the speaking circuit promoting cloud computing, “Please give us some real life customer case studies and/or lessons learned”. By now we should all know what the acronyms are, what the risks are, and what the benefits are. Now we need to know how. And it is never a good idea to learn the how from a vendor. We need to learn the how from people in the trenches. We need to discuss enterprise cloud initiatives, not server consolidation stories, adhoc offload processing stories, or user solution cloud stories. We need examples of companies leveraging the cloud to do something mission critical, something that drives mass change within the organization, or something that delivers incredible business value.
So to the vendors, analysts and others…. Bring us some customer stories that practitioners can learn from. Tell me something of value. Let’s get away from theory and talk about reality. Let’s talk about how we can address the concerns about security and compliance (yes, they are doable in the cloud). Let’s not relive the cycle of hype, hope, and failure that we did with SOA and many other buzzwords from days gone past. Let’s stop talking the talk and let’s start walking the walk!
Secure Hybrid Cloud Architectures
There are a lot of discussions going on about security and compliance in the cloud. The concerns are valid, but the belief that they can’t be resolved are not. When you buy a cluster of servers and install them in your data center, are they secure? Of course not. There are many things one must do from the perspective of hardware, operating systems, process and policy, network, data center, and software in order to secure those servers and the applications or services running on them. This is true whether you are in the cloud or not. The cloud does add additional security requirements but all of them are solvable if you can identify them and architect for them.
With that said, I would like to share a couple of approaches that my team has designed. I will make it generic enough not to give away any of our secret sauce. As I mentioned in the past, we are building a 100% off-premise solution for processing real time transactions in the cloud. We are using a hybrid cloud approach made up of a public cloud and a virtual private cloud (VPC) for dealing with sensitive data and compliance requirements. There are two models that we like, each with their pros and cons.
The first model is the Public Master Model where the public cloud is the entry point to our platform (see diagram below).
|
| From Cloud Computing |
The second model is VPC Master Model where the virtual private cloud is the entry point to our platform (see diagram below).
 |
| From Cloud Computing |
Now let me discuss each model one at a time.
Public Master
The concept of the Public Master Model is to maximize the use of the cheaper computing platform which is the public cloud. The public cloud is substantially cheaper than any private cloud solution because of the shared resource model (meaning that you are sharing resources with other companies). Another factor is that Amazon excels in public cloud solutions which makes it an easier pill to swallow for your potential customers and partners, especially the ones that fear the cloud.
Any data that enters the cloud (per our requirements) will be encrypted and each partner/customer that we interface with must pass us their unique security key with every message. We validate their key against our private key pair in our security layer. All data is then replicated from the master database to slave databases in multiple data centers in the public cloud. Also, all data is replicated to the master and slave copies in multiple locations in the VPC through the intercloud connection. The intercloud is the equivalent of a virtual private network between clouds where only certain elastic IPs are allowed to carry out communications. Once again encryption and secure protocols are used for each transmission.
So in this model, we leverage the low cost compute cycles in the public cloud for our real time processing while we trickle feed our critical data to physical hardware located in our VPC. This allows us to provide additional levels of security and meet various regulatory requirements. The VPC is used for compliance, backup and recovery, business continuity, and auditing.
One other issue to address deals with system level logs. An issue with elasticity is that when you tear down images as demand decreases, all of the system logs on those images are lost. That is why I recommend a Master/Slave system log strategy that replicates all log information from the public cloud to the VPC. That allows for two things. First, you can keep the logs in the public cloud small and boost performance because it is replicated in the VPC. Second, you can meet the regulatory requirements by not losing log data when images are torn down. In addition, you can store larger amounts of data in the VPC since it is not doing the critical CPU intensive processing.
VPC Master
Another approach is to reverse the roles of the clouds. The data first enters the platform through the VPC with the same process consisting of encryption and key pairs. The data is processed and replicated to the public cloud where further processing can be done. Both of these models are equally secure in my mind but there are specific reasons why you may choose one over the other.
1) If there are location specific requirements for the data (ie. data can’t leave the country) and the public cloud provider does not have a data center in the desired location, you would have to go the VPC route. If there is not a private cloud provider locally either, you may have to lease or buy floor space or run the data layer in your client’s data center. Of course, this is difficult to do if you do not have a well designed data services layer within a service-oriented architecture.
2) If money is not a factor, do more in the private cloud. The more you can use the word private cloud, the safer your customers, partners, and auditors will feel.
3) If cost is important, the Public Model is the way to go. Public compute cycles, disk storage, and bandwidth costs a fraction of what it costs in the private cloud.
4) If performance is important, you want to do as much work as possible in one of the clouds and simply trickle feed data into the other. If you are doing round trips through the intercloud to process a transaction, you will pay a price in performance.
Our solution
For us, as a startup, cost is extremely important. For real time transaction processing, nothing is more important than performance. Put two and two together and the Public Master Model makes a lot of sense for us.
Just the tip of the security iceberg
But this architecture design by itself is not enough. There are still many other security requirements that must be addressed, but most of them are the same things that should be addressed in today’s on-premise world.
Here is a short list of things to address:
- Lock down ports and IPs
- Secure app servers (Remove unneeded commands, limit access,etc.)
- Secure virtual images
- Establish SLAs, policies
- Understand and comply with required regulatory laws
- Secure database (table-level, attribute-level, classification, access, etc.)
- Log all transactions
- Backup/recovery plan
- etc.
Summary
There are many ways to design for security and compliance in the clouds. Look at these models from a conceptual point of view and not from a physical implementation. Much of the thought process that went into these models are based on requirements that are specific to our company. I am sure there are still some holes in it as well. But these models should show some insights into how a hybrid cloud solution can be designed to be secure. Also, if your architecture is loosely coupled, you can move pieces around between the clouds until you have a model that works the best for you. For example, the public/private key server may make more sense to always be in the private cloud regardless of which model you chose. If you chose the Public Model you can simply move the public/private key server to the VPC and do a web service call over the intercloud to authenticate the transaction.
I hope this discussion is helpful for many of my readers. I also hope that some of you, especially the security experts out there, shoot some holes in it. Further discussions can only improve this design. Enjoy!
My Summary of the IBM Impact 2009 Conference in Vegas
I just got back from a cool three days at IBM’s Impact 2009 in Vegas and thought I would summarize my opinions from what I saw and heard for those who did not get a chance to go. I’ll cover four areas: SOA, Cloud Computing, Social Software, and Personal Networking. But first, here is my disclaimer.
I am not an IBM Customer and I am not being paid by IBM in any way. I was invited to the conference and did not pay for airfare or a registration fee. I did drop $600 on a hotel room.
Ok. Let’s get the show on the road.
SOA
The SOA sessions were very good. Despite what many pundits might say, IBM does have some good SOA case studies. A lot of the lessons learned discussions were the exact same things that myself and many others have echoed over the past few years. To me, there was nothing new here, but for those new to SOA there was some value. It just seems weird that so many companies are still trying to figure out what SOA is.
Cloud Computing
I really don’t think the big mega vendors understand cloud computing at all. Repackaging all of your products as products in the cloud is not the answer. Also, big vendors must stop thinking about the cloud from only the view of billion dollar companies. Cloud computing is a no-brainer for small and medium sized companies. I was really frustrated with all the cloud discussions, both in sessions and in casual conversations until Gartner Analyst Yefim Natis gave a great presentation that defined the various types of clouds, how we got here, and what the benefits to the business are. He also reiterated what many of us EA types have been saying which is SOA is the key to building solutions in the cloud.
Yefim had a great analogy of our understanding of the cloud. He said when television first came to market, people applied what they knew from radio to television because it was all they knew. So many of the early television shows were radio people reading to the television audience. Yefim said that this is exactly what is happening today in the cloud. Most people are simply building stuff the same way they always have and not really reaching the potential that the cloud has to offer. Interesting and true.
Most of the questions asked by the audience where “resistance to cloud” type questions. In every session the same questions were asked. “What about security, compliance, etc?” Don’t people read? You can read about 50 articles a day on the topic. Yet many people are still stuck on the “Cloud is not secure” myth.
All the old timers, older than me that is…ahem, will tell you that they were doing the cloud back in the 70’s. Well, most everything that we do today has evolved from back even before the 70’s. Back in the 70’s, the concept of cloud-like computing was not feasible for most organizations and the technology obviously was not where it is today. We need to get away from that type of thinking. I agree that we shouldn’t think of things like SOA and Cloud Computing as new concepts, but we should recognize them as evolutionary improvements and modernization of the great ideas from yesterday.
When the iPhone came out, did anybody say “we did phones back in the 70’s?” Heck, no. We embraced it as a great advancement to a collection of technologies: phone, mp3 player, personal computer, development platform, etc. We should respect the cloud in the same way.
IBM’s BPM BlueWorks is an interesting SaaS solution for BPM. I have not yet tested it out online but it looks like this might be a good solution in the cloud.
Social Software
IBM is really on the ball with social software (that’s 2 for 3 if you are keeping score). IBM has been a heavy user of social software for many years and have saved millions by empowering a remote workforce. Now they are tapping into the power of social networking not only with their employees, but with their customers, partners, media, and even lowly bloggers like myself. They invited a handful of bloggers who write about SOA and the cloud to the conference. We tweeted our brains out, live blogged, uploaded content on Flickr and Youtube, and found multiple ways to give IBM a viral and low cost marketing strategy. They held blogferences where bloggers and analysts where briefed. Each one of us tweeted and/or blogged about what we leaned. That means that each of our own social networks where updated on IBM’s announcements without IBM having to do the heavy lifting. That’s the power of social networking. Here is a really good example from one of their YouTube videos how they (and we) leverage various forms of social software today:
IBM is also doing some real cool things in extreme gaming. They released Innov8 which is a training tool that teaches through game simulations. Some of the use cases mentioned where city traffic planning, military training, BPM modeling training, and call center training. I would really love to see my kids’ schools start using this type of training. Cool stuff, check it out for yourself.
Personal Networking
I met over 30 people from my social network at the conference. Half of them I have never met in person before including James Governer from Monkchips, Neil Ward-Dutton from Macehiter Ward-Dutton, Judith Hurwitz and Robin Bloor from Hurwitz & Associates and co-authors of Service Oriented Architecture for Dummies, Dana Gardner from ZDNet, and a ton of IBMers.
I also spent some time with some guys I know real well and have met in person several times like Ron and Jason from Zapthink, Dave Linthicum, James Taylor author of Smart Enough Systems, and Jordan Haberfield. During the course of the three days I met many talented people and my Twitter network grew by about 40 people. You just can’t put a price tag on the value of expanding your personal network. I get more value out of networking at conferences than I do from the session content. That is not a knock on conferences by any means. Most opportunities in life are more attainable if you know somebody who can get your foot in the door with a simple introduction. Especially if you have helped that person in some capacity in the past.
I use TripIt to track my travels and see who in my network is close by. This was my 8th trip of the year. Every trip except one this year I have met with one or more people from my network. And with every one of those meetings, I was introduced to one or more people who became part of my network. Good people hang with good people. If you do a good job of screening your network and only allowing quality individuals in, they will reward you by connecting you to more quality people. It’s all about the network!
Summary
Although I don’t like IBMs cloud strategy, I think they have a good handle on SOA and are thought leaders in leveraging social software. I enjoyed the show, died laughing as Billy Crystal made fun of us geeks, and lasted about two songs with KC and the Sunshine band. As practitioners, it is important that we keep up with technology and also with the vendors’ strategies. But at the end of the day, it all comes down to architecture. Don’t rely on vendors for your architecture. Understand your business’s goals and align the appropriate technologies to enable those goals. Don’t rush to the cloud because it’s new and cool. Take the time to learn it and learn it independently of your favorite vendor’s strategy. As IBM touted all week, Work Smarter!
So much failure, so little architecture
We have all talked about the Death of SOA, the imminent failure of Cloud Computing, and countless other IT failures on blogs dedicated to failure. Today I came across a blog from Dave Linthicum discussing failures on Business Intelligence projects. Dave was offering his point of view on another blogger’s story about Business Intelligence project failures. The author of the original blog pointed out some reasons for the failures. The first reason was
They don’t understand elastic scale
Dave added his two cents to this comment….
Tossing hardware and software at the problem does not work, nor does limiting use. You have to architect to scale, most don’t bother.
There is that word again….ARCHITECT! How many times do we have to fail before somebody wakes up and realizes that you can’t just buy the next hyped up technology solution, pop in an install disk, and click next 15-20 times? Initiatives like BPM, SOA, Cloud Computing, Business Intelligence, Master Data Management, and others require a well thought out plan that includes a heavy dose of good old fashion architecture. Why do so many IT shops act like day traders trying to get rich quick instead of putting in the upfront time to analyze, plan, anticipate, prototype, and build something sustainable?
The part that burns me about this is not the failures. As Forrest Gump would say, “Stupid is as Stupid does”. What bothers me is that IT’s lack of commitment to architecture often winds up placing the blame on the technologies that these teams failed at. In the end, it is the business that suffers. Either IT fails to deliver the promise of these expensive technologies or IT continues to maintain antiquated legacy systems in fear of failing with the newer technologies. To make matters worse, when IT fails to deliver, the business starts to take matters into their own hands. They purchase one off solutions from numerous snake oil salesman and create a nightmare of disjointed systems with ungoverned data that become mission critical to decision making. It is a viscous cycle that can only be solved when IT can be looked at as a reliable source for delivering business value.
So I ask, how many times must we fail until we stop “day trading” and start architecting? I had a manager who always told me, “Don’t bring me problems, bring me solutions”. I try to live by that motto. That is why I have joined a group of very talented individuals who, like me, are trying to do something about this. The group is the CAEAP (Center of the Advancement of the Enterprise Architecture Profession).
Our mission is …
To advocate consistent professional practice, to generate public awareness, and to bring together likeminded individuals who subscribe to the Hippocratic Oath for the Enterprise Architecture Profession.
We will be sharing a wealth of information after our June 20th event where we host a historic event which revolves around group signing of the Enterprise Architecture Doctrine, unveiling the Enterprise Architecture Profession Roadmap and awarding the first annual CAEAP Enterprise Architecture lifetime achievement award and Enterprise Architect of the year awards and much more.
Look for more details in the future and follow us on twitter and LinkedIn. Together we can start a new trend towards IT success and reduce the huge number of IT failures. After all, the business needs us!
Your biggest competitor may not exist yet
Or, your biggest competitor may be a startup that is in stealth mode and you have no idea what they are up to. There are many reasons why you should be worried about new startups if you are a big monolithic company. Startups don’t have the following baggage:
- Cultural barriers that prevent innovation and new concepts
- Legacy systems that drain valuable resources (people, infrastructure, and budget)
- Silos between the business and IT
- Bored employees with no incentives to excel
- 40 hour weeks full of status meetings
Instead, startups are typically comprised of highly motivated individuals on a mission to deliver value as quickly as possible. Here are a few things you can expect at a startup:
- Business and IT are in sync. In fact, many times the business and IT are the same people.
- Believe in agile development and have collaborative environments
- Will work for food! Lower wages, more hours, more passion, more fun, and invested in the company. No time to be bored!
- Can leverage both the cloud and open source without fighting political battles. Equates to lower cost to enter the market.
I started this post after I just finished updating my company’s 3-year budget forecast. Now that we are closer to implementation we have more accurate numbers to work with. I can’t give you the details obviously but I can share this. We are building a global solution that requires major integration with many different types of companies. We need data centers in many locations across the world and have numerous privacy, security, and regulatory requirements to abide by. As I have discussed in the past, we are building a 100% hybrid cloud solution. Building a global infrastructure company is no small task and by no means is cheap. But after compiling the 3 year plan, I found that the cost of building out the infrastructure is easily 8 to 10 times less than building it all on premise. In fact, as we grow the business, the cost per widget actually decreases year after year due to economies of scale! Try that in your own data center. The use of open source software is another key contributor to our low cost of entry. In fact, even with outsourced development factored in for years two and three, labor costs far exceed the sum of infrastructure and software costs.
That’s right folks, for startups, the cloud is the real deal. I get a chuckle out of all the discussions about cloud definitions that carry on all day on Twitter. I have seen so many different definitions of private clouds, most of which are true for certain use cases only. I keep hearing how private clouds are on-premise data centers. Well, I have no on-premise datacenters. To me, a private cloud is a place where I can do computing using infrastructure that I can physically point to whether I own it or not. The difference is those resources are not shared with other companies like they are in a public cloud. It is “mine” whether i own it or not. </end diversion>
Back to intent of this article. While large companies argue semantics, play politics, and approach the cloud from all of the wrong angles, agile startups are forging ahead. We are not letting the naysayers slow us down. In fact, critics of the cloud provide valuable information for us. They sometimes raise valid issues which we take into consideration and make sure are addressed. Many large companies are looking at cloud computing because they heard they could save money. What they don’t realize is that to deploy real enterprise ready solutions in the cloud, they need to have a well thought out architecture, preferably one that is service-oriented, so that they can take advantage of the cloud resources. This means that those legacy systems that are costing so much money to keep running are the worst possible candidates for the cloud. Instead, new software designed specifically for the cloud or software that is loosely coupled and abstracted from the infrastructure is where the cost savings come into play. And that is why startups have a golden opportunity to be extremely successful deploying in the cloud. They get to start with a blank sheet of paper and build services that are location agnostic, technology agnostic, vendor agnostic, etc.
So if you see a startup that has a good business model and is taking advantage of low cost IT by leveraging the cloud and open source software, you might want to keep an eye on them. If they start getting traction and gaining customers, they will be in a great position to scale up quickly at affordable costs. In addition, if they took a service-oriented approach, they should be agile and able to react to changing requirements much faster than those stuck in legacy. The combination of low cost and agility can give the startups the edge they need to take the bread off the table of those companies stuck with their outdated IT strategies.
The real problem with Cloud Computing….People
I said the same thing when we were in the extreme hype & FUD stage of SOA. Now we have simply changed the marketing slides from SOA to Cloud Computing and the same pattern of insanity commences.
Cloud Insanity – To repeat the same behaviors that caused SOA to fail and expect a different result.
For the creators of Cloud Computing FUD, here are some bullets for you to dwell on….
- Nothing is secure unless you architect for it. The cloud forces you to do this because the endpoints are outside of the enterprise
- Don’t hold cloud computing to a higher standard than your data center. Many data centers have bigger issues than the cloud. See previous bullet
- Don’t jump on every single cloud failure and declare the cloud too risky. Yes GMail has an issue on occasion but I can’t count all the times that the corporate Exchange server had an outage.
- The Cloud is just another implementation of an architecture. Use it when it makes sense.
For the creators of hype (primarily the vendors)
- If your stuff wasn’t designed specifically for the cloud it is just the same stuff rebranded as cloud computing…just like all of your “SOA” stuff
- Before you hype up the cloud, show me some real customer success stories. Don’t show me isolated cases where some guy with a credit card got a lot of work done for a little money. Show me how a customer built an end to end solution that connects to partners, suppliers, and combines both on-premise and off-premise services.
- If you can’t show me the case studies from the previous bullet, then don’t hype the cloud as the ultimate savior. Instead, describe it the way your customers use it, an efficient tool for processing adhoc and non-mission critical applications.
For the practitioners….
- If you have an opinion about the cloud that is not backed with your own research, don’t blog about it. Too many people are grabbing either the hype or the FUD and running with it based on assumptions.
- If you haven’t done your own evaluation and tried to solve real business problems with the cloud, then don’t call yourself an expert. If you have, then let’s have a discussion about the pros and cons.
My take
The cloud offers great potential for those people who take a logical approach to solving real business problems. At the end of the day it comes down to business drivers and good old fashion architecture. To leverage the cloud to deliver enterprise solutions (not one offs, or isolated use cases) you really need an organization that is disciplined in architecture and capable of successfully implementing SOA. Since we failed so much delivering SOA, I cringe as the masses jump on the Cloud Train. That is not a knock on the cloud, it is a knock on the way many people are thinking about the cloud. The hypsters talk about the future state where everything runs in the cloud and all your problems are solved. What they don’t tell you is how do you get there. If you attend the conferences they will tell you how Joe Businesperson can run their credit card and have a system up and running in a day or two without needing IT. Yikes. It’s like all of your Access power users who created unvalidated decision support information that killed your PCI and SOX audits are now empowered with a credit card and unlimited computing resources! Let the nightmares begin. Companies who will have success creating enterprise solutions in the cloud will have these characteristics:
- Have an innovative culture
- Don’t buy into FUD or hype. Instead rely on EA or architecture best practices to validate the cloud.
- Focus on business drivers first and foremost and use the cloud where it makes sense for the business
- Are disciplined and believe in governance
- Have a successful SOA implementation
- Have talented personnel and a few really good architects
- Have C-level support
- Don’t have adversity between infrastructure and development silos
Just like SOA, you need to evaluate the impact of change to the organization. Below is a presentation I did about SOA and transformational change. Replace SOA with Cloud Computing, lather, rinse, repeat! It’s all the same.