Cloud Computing: Harnessing the Storm

By Mike Kay


Two of the hundreds of Cloud-related headlines last month:


Amazon Cloud Storm Outage
Wednesday, December 9.  As storms engulfed the East Coast of the United States, Amazon Web Services (AWS), the cloud-computing giant, lost power for six hours in one of its four availability zones due to a lightning strike at its Virginia data center.  The redundancy protection designed into Amazon’s system failed to utilize unaffected datacenters – due to connectivity issues.


Amazon EC2 Cloud Service Hit by botnet, Outage
Friday, December 11.  Security researchers found that a variant of the infamous password-stealing Zeus banking Trojan had infected client computers after hackers were able to compromise a site on EC2 and use it as their own C&C (command and control) operation.  The cybercrooks reportedly snuck their way into EC2 by gaining access through a site hosted on Amazon's service.


In my last blog post, “Cloud Computing: Do I still Need Backups?”, I introduced the notion that local, on premises compute infrastructure could, in the future, take on the role of “backing up the Cloud.”  The above two stories, in particular, illustrate the need for backups of some kind. 


In the first case a regional, weather-induced disaster befell the utility compute grid.  System wide protection measures failed and customers were left in the compute dark for a quarter of a day, almost an entire trading session.  In my head I hear echoes of the famed Northeast electric grid failure of 2003.  Redundant systems failed due to human errors in the deployment of connective elements needed to bridge from one “compute generator” to the next.


In the second case a part of the data that resides inside the Cloud became maliciously corrupted, threatening the integrity of business systems running throughout the grid and required an outage to isolate, extract and recover.


It’s no wonder that at the top of Gartner Research’s list of factors inhibiting enterprise adoption of Cloud computing are Availability and Security concerns.  CIOs are extremely reluctant to take on risks  that they themselves have already mitigated within their IT infrastructure.   They understand these risks all too well having  spent millions over the last decade to protect against security breaches and to implement effective business continuity measures.  Press quotes abound from C-level executives who are reluctant to put company information at risk outside the corporate firewall.


I read these comments with great interest and sense  a common thread:  Enterprise IT has met and subdued the Enemies of non-stop computing.   In their minds the onus is on the public Cloud providers to demonstrate they have done the same.  But it seems to me a lot of people have it backward;   The onus (buyer beware) for contingencies should be on those who choose to use the Cloud for the goodness it offers. 


The public compute and storage utility will always be what it is today, at least from the standpoint of imperfections.  It will take a long time before such a complex system becomes nearly infallible.  The public electric grid, despite decades of improvement, still fails, seemingly when most inconvenient to us subscribers!  


The enterprises today which are successfully leveraging Cloud services almost without exception carefully identify the services they want to outsource balancing benefits and risks.  Mean-time-to-failure, outage durations, recovery times and recovery points are considered against the service window required by corporate users.  The general rule of thumb is that if the service window is a 90 percent match against corporate requirements and the cost to deliver the service is an order of magnitude less, per user, with the Cloud service, it’s worth it.  With two provisos:



  1. There is a well defined off ramp from the service should the economics change.

  2. There is a way for Corporate IT to participate in the assurance of data and service availability and recovery.


First, there must be a way either to move the service back in house if the need arises, and/or extract the data that is unique to the enterprise in such a way that it can be ported to another Cloud service or an on premises service.


Second, there must be instrumentation in the running service that allows Corporate IT to monitor or audit (for themselves) the health of the Cloud services.  Also, the Cloud Service must provide a way for Corporate IT to assure recovery point and time of Cloud service data.  Meaning:  Corporate IT backups of the Cloud.


Modern data protection technologies can operate on all kinds of data and care not whether it is in flight or at rest.  Technologies exist to cope with data whether it is at the edge of the network on a mobile laptop or deep in the datacenter  on a server.  The best Corporate IT providers effectively screen out threats and make secure copies for recovery or long term retention. 


The most forward thinking Corporate IT organizations are applying their existing data protection technology to help insulate against the weaknesses and vulnerabilities of Cloud services, while enabling the careful extension of on premises infrastructure into the Cloud.


In my next post I’ll talk about the various techniques I’ve seen employed in our customers to overcome those two top Cloud adoption inhibitors:  Availability and Security.

Comments
(anon) | ‎01-20-2010 10:01 AM

Cloud computing is a type of computing that makes use of resources over the internet rather than from localised sources.  Cloud computing is also closely related to virtualization which is also showing tremendous growth. I got a useful information about the cloud computing from the cloud computing conference. It was a conference about the latest trends and changes in the cloud computing world. I also got an opportunity to meet the world's leading experts in the cloud computing world.

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author
Featured


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.