What could go wrong with cloud? Lets count the ways.

In their latest book, Cloud Computing for Business, Dr. Chris Harding and his team of co-authors affiliated with The Open Group a key standards body for enterprise architecture detail some of the key risk areas that need to be looked at with any cloud project:

Looks harmless, right? Photo: Wikimedia Risk #1: The solution may not meet its financial objectives: Do your short-term and long-term ROI work. The key factors to consider when assessing cloud ROI risk probability include utilization, speed, scale, and quality. These factors are built into most ROI models, and affect the headline figures for investment, revenue, cost, and time to return. Risk # 2: The solution may not work in the context of the user enterprises organization and culture: Always a biggie. The best way to address is having a clear executive vision and direction for business transformation, which includes top-level executive support. (Easier said than done, right?) This should include the establishment of a clear roadmap for procurement or implementation of cloud services and applications that use them, and coordination of stakeholders and competing strategies to get consensus for storage, computing, network and applications to avoid islands of demand usage. Always start with pilots to create confidence and build buy-in and usage in the user community for cloud services. Risk #3: The solution may be difficult to develop due to the difficulty of integrating the cloud services involved: There is a risk that it will not be possible to integrate [multiple] cloud services with the existing system and with each other. This risk is critical; if the system cannot be built, it cannot be used. The service integration risk can be assessed by considering interface conversion cost, ability to change the existing system, and available skills. The skills part could stand as a risk on its own, as Harding and his co-authors point out that significant skills are required to assemble and customize multiple cloud services from different providers in a flexible, adaptable way, while maintaining security, backup, and governance mechanisms. Risk #4: The solution may not comply with its legal, contractual and moral obligations: Dependence on an external cloud supplier can increase the probability of noncompliance. Even if you have contracts that provide the necessary assurances on location and confidentiality, force majeure may prevent the supplier from honoring them. For example, what would be the result of legal action for subpoena of data in a cloud environment that may not even be held under your tenancy, but have been placed on the same system by other tenants? And what would then be the impact on your corporate reputation? Risk #5: A disaster may occur from which the solution cannot recover: Along with the usual mayhem, this can be a business disaster such as bankruptcies or contract cancellations on the part of cloud suppliers. As part of your risk analysis, you should identify the unplanned events that could harm you, and assess their probabilities and impacts. You may also wish to make general provision for unforeseen events that disrupt the cloud services that you use, or damage their data you can build into your system design elements that will reduce their probability or mitigate their

effects. For example, an effective backup and restore process, with the backup copy held in a different location from the data, or on your own rather than the cloud suppliers system, can change the impact of a disaster from fatal to merely serious. Risk #6: System quality may be inadequate, so that it does not meet users needs: The system quality of an external service can be assessed using the same factors as for the system quality of your own solution. In addition, look at the track records of suppliers very carefully, just as you would any outsourcing provider, Harding and his co-authors advise. Risk #7: Security may be inadequate: Need we say more? Having your own information, on your own hardware and between your own four walls, provides a level of comfort that you lose in the cloud, Harding and his co-authors point out. Cloud computing is not necessarily insecure, just that new considerations need to be taken into account and more modern security models developed and applied. You must adapt traditional security models to suit cloud computing needs and consider end-to-end security, including your own internal policies for access control and user provisioning. Risk #8: Im going to add an eighth risk to The Open Groups list, and that is, there may be an existing lack of service orientation. Not having full-blown SOA isnt necessarily risky in itself when moving to cloud, but the inability to move processes from current interfaces and underlying applications to more agile cloud services could really make a mess of things and ultimately make cloud more expensive than leaving things as is.

Cloud Computing: A New Landmine For Privacy In India

Object 1

Cloud computing is a cost effective and efficient service provided it is managed as per legal and moral standards. One of the biggest roadblocks for cloud computing is legal and regulatory issues. Cloud computing has been in controversies for violation of legal provisions in general and privacy rights in particular. In the past telecom companies have been criticised for illegal and unlawful disclosures of private information of their users. For instance, the secret NSA program, working with AT&T and Verizon, recorded over 10 million phone calls between American citizens. This caused a fear among privacy advocates about the extent to which telecommunication companies can monitor their user activity. Similar fears and contravention applies to cloud computing service providers, especially where there are no privacy laws and data protection laws. Clearly there is no universal or harmonised legal framework regarding cloud computing and telecommunications privacy. It varies from nation to nation and jurisdiction to jurisdiction. India has no dedicated privacy laws, data security laws and data protection laws.

Similarly, cyber security and cloud computing security issues are also by and large unresolved in India. India has no cyber security law in place. Event the sole cyber law of India, i.e. information technology act, 2000 is useless for preventing growing menaced of cyber crimes in India. With companies like research in motion (RIM) openly declared their intentions to allow cloud computing base data access for blackberry services in India to intelligence agencies and law enforcement agencies, this trust deficit has widened further. Fortunately, Google rightly refused to part with encryption keys regarding its Gmail services. This is a bold step on the part of Google and others must also follow the same path. There is no reason whatsoever that cloud computing would not violate privacy rights, data protection principles and data security practices in India. In fact, there is a very bright possibility that all these unlawful acts would happen in India without any legislative safeguards and court orders. If you are privacy conscious do not use cloud computing in India and oppose governmental use of the same for public delivery of its services. The fact is that India is not yet ready for cloud computing.

Cloud Computing For India Guide To Success - Presentation Transcript

1. Business Model and strategy research- Cloud Computing Indian Opportunities Road map and challenges for success Opportunity US $ 5bn with 30% CAGR Prepared by Debasish Choudhury Mail : debasishchoudhury.sai@gmail.com http://in.linkedin.com/in/debasishchoudhury 2. Goals and Objectives Section-A : Understand the relevant cloud for India Understanding the perspectives Key movers Section-B Identifying the existing opportunities (From slide No 32) Identifying the most viable Cloud computing opportunity for India Customer business value and business opportunities Solution and business need (Products) External dependencies and strategic partnership eco system Target segment and captive opportunities Go to market strategy and business roll outs Suggestive pricing and revenue ( Grab a secret) Section-C: Deep insight and correct techno commercial sizing (From slide 46) How to compete with established bigies & their weakness Key technical features required in product and solutions 3. Section-A Understanding The Cloud computing in perspective to India A definitive view beyond the hypes 4. Cloud Computing - Some terms Term cloud is used as a metaphor for internet Concept generally incorporates combinations of the following nfrastructure as a service (IaaS) I Platform as a service (PaaS) Software as a service(SaaS) Not to be confused with rid Computing a form of distributed computing Cluster of loosely coupled, G networked computers acting in concert to perform very large tasks Utility Computing packaging of computing resources such as computing power, storage, also a metered services Autonomic computing self managed 5. Grid Computing Share Computers and data Evolved to harness inexpensive computers in Data center to solve variety of problems Harness power of loosely coupled computers to solve a technical or mathematical problem Used in commercial applications for drug discovery, economic forecasting, sesimic analysis and back-office Small to big Can be confined to a corporation Large public collaboration across many companies and networks Most grid solutions are built on Computer Agents Resource Manager Scheduler Compute grids Batch up jobs Submit the job to the scheduler,

specifiying requirements and SLA(specs) required for running the job Scheduler matches specs with available resources and schedules the job to be run Farms could be as large as 10K cpus Most financial firms has grids like this Grids lack automation, agility, simplicity and SLA guarantees 6. Utility Computing More related to cloud computing Applications, storage, computing power and network Requires cloud like infrastructure Pay by the drink model Similar to electric service at home Pay for extra resources when needed To handle expected surge in demand Unanticipated surges in demand Better economics 7. Cloud computing History Evolved over a period of time Roots traced back to Application Service Providers in the 1990s Parallels to SaaS Evolved from Utility computing and is a broader concept 8. Cloud computing Much more broader concept Encompasses IIAS, PAAS, SAAS Dynamic provision of services/resource pools in a co-ordinated fashion On demand computing No waiting period Location of resource is irrelevant May be relevant from performance(network latency) perspective, data locality Applications run somewhere on the cloud Web applications fulfill these for end user However, for application developers and IT Allows develop, deploy and run applications that can easily grow capacity(scalability), work fast(performance), and offer good reliability Without concern for the nature and location of underlying infrastructure Activate, retire resources Dynamically update infrastructure elements without affecting the business 9. Clouds Versus Grids Clouds and Grids are distinct Cloud Full private cluster is provisioned Individual user can only get a tiny fraction of the total resource pool No support for cloud federation except through the client interface Opaque with respect to resources Grid Built so that individual users can get most, if not all of the resources in a single request Middleware approach takes federation as a first principle Resources are exposed, often as bare metal These differences mandate different architectures for each 10.Commercial clouds 11.Cloud Anatomy Application Services(services on demand) Gmail, GoogleCalender Payroll, HR, CRM etc Sugarm CRM, IBM Lotus Live Platform Services (resources on demand) Middleware, Intergation, Messaging, Information, connectivity etc AWS, IBM Virtual images, Boomi, CastIron, Google Appengine Infrastructure as services(physical assets as services) IBM Blue house, VMWare, Amazon EC2, Microsoft Azure Platform, Sun Parascale and more 12.Cloud Computing - layers Layers Architecture 13.What is a Cloud? Individuals Corporations Non-Commercial Privatet Cloud Middle Ware Storage OS Network Service(apps) SLA(monitor), Provisioning Provisioning Provisioning Provisioning Security, Billing, Payment Resources Services Storage Network OS 14.Why cloud computing Data centers are notoriously underutilized, often idle 85% of the time Over provisioning Insufficient capacity planning and sizing Improper understanding of scalability requirements etc including thought leaders from Gartner, Forrester, and IDCagree that this new model offers significant advantages for fast-paced startups, SMBs and enterprises alike. Cost effective solutions to key business demands Move workloads to improve efficiency 15.How do they work? A conventional legacy view as observed by many Public clouds are opaque What applications will work well in a cloud? Many of the advantages offered by Public Clouds appear useful for on premise IT Self-service provisioning Legacy support Flexible resource allocation What extensions or modifications are required to support a wider variety of services and applications? Data assimilation Multiplayer gaming Mobile devices 16.Cloud computing Characteristics A conventional legacy view as observed by many Agility On demand computing infrastructure Linearly scalable challenge Reliability and fault tolerance Self healing Hot backups, etc SLA driven Policies

on how quickly requests are processed Multi-tenancy Several customers share infrastructure, without compromising privacy and security of each of the customers data Service-oriented compose applications out of loosely coupled services. One service failure will not disrupt other services. Expose these services as APIs Virtualized decoupled from underlying hardware. Multiple applications can run in one computer Data, Data, Data Distributing, partitioning, security, and synchronization 17.Public, Private and Hybrid clouds 18.Public clouds Open for use by general public Exist beyond firewall, fully hosted and managed by the vendor Individuals, corporations and others Amazon's Web Services and Google appEngine are examples Offers startups and SMBs quick setup, scalability, flexibility and automated management. Pay as you go model helps startups to start small and go big Security and compliance? Reliability concerns hinder the adoption of cloud Amazon S3 services were down for 6 hours 19.Public Clouds (Now) Large scale infrastructure available on a rental basis Operating System virtualization (e.g. Xen, kvm) provides CPU isolation Roll-your-own network provisioning provides network isolation Locally specific storage abstractions Fully customer self-service Service Level Agreements (SLAs) are advertized Requests are accepted and resources granted via web services Customers access resources remotely via the Internet Accountability is e-commerce based Web-based transaction Pay-asyou-go and flat-rate subscription Customer service, refunds, etc. 20.Private Clouds Within the boundaries(firewall) of the organization All advantages of public cloud with one major difference Reduce operation costs Has to be managed by the enterprise Fine grained control over resources More secure as they are internal to org Schedule and reshuffle resources based on business demands Ideal for apps related to tight security and regulatory concerns Development requires hardware investments and in-house expertise Cost could be prohibitive and cost might exceed public clouds 21.Clouds and SOA SOA Enabled cloud computing to what is today Physical infrastructure like SOA must be discoverable, manageable and governable REST Protocol widely used(Representational State Transfer) 22.Clouds for Developers Ability to acquire, deploy, configure and host environments Perform development unit testing, prototyping and full product testing 23.Open Source Cloud Infrastructure Simple Transparent => need to see into the cloud Scalable => complexity often limits scalability Secure => limits adoptability Extensible New application classes and service classes may require new features Clouds are new => need to extend while retaining useful features Commodity-based Must leverage extensive catalog of open source software offerings New, unstable, and unsupported infrastructure design is a barrier to uptake, experimentation, and adoption Easy To install => system administration time is expensive To maintain => system administration time is really expensive 24.Open Source Cloud Ecosystem - Tools RightScale Startup focused on providing client tools as SaaS hosted in AWS Uses the REST interface Canonical Ubuntu 9.10 (Karmic Koala) Includes KVM and Xen Hypervisors 25.Open Source Cloud Anatomy Extensibility Simple architecture and open internal APIs Client-side interface Amazons AWS interface and functionality (familiar and testable) Networking Virtual private network per cloud Must function as an overlay => cannot supplant local networking Security Must be compatible with local security policies Packaging, installation, maintenance system administration staff is an important constituency for uptake 26.Eucalyptus(Elastic Utility Computing Architecture Linking Your Programs To Useful Systems) 27.Clouds and Virtualization Operating System virtualization (Xen, KVM, VMWare, HyperV) is only apparent for IaaS AppEngine = BigTable Hypervisors virtualize CPU,

Memory, and local device access as a single virtual machine (VM) IaaS Cloud allocation is Set of VMs Set of storage resources Private network Allocation is atomic SLA Monitoring 28.Cloud Performance Extensive performance study using HPC applications and benchmarks Two questions: Performance impact of virtualization Performance impact of cloud infrastructure Observations: Random access disk is slower with Xen CPU bound can be faster with Xen -> depends on configuration Kernel version is far more important No statistically detectable overhead AWS small appears to throttle network bandwidth and (maybe) disk bandwidth -> $0.10 / CPU hour 29.Clouds open for innovation 30.Cloud computing open issues Governance Security, Privacy and control SLA guarantees Ownership and control Compliance and auditing Sarbanes and Oxley Act Reliability Good servive provider with 99.999% availability Cloud independence Vendor lockin? Cloud provider goes out of business Data Security Cloud lockin and Loss of control Plan for moving data along with Cloud provider Cost? Simplicity? Tools Controls on sensitive data? Out of business Big and small Scalability and cost outweigh reliability for small businesses Big businesses may have a problem 31.Battle in the cloud Amazon Web Services Google App Engine Free upto 500 MB, Free for small scale applications? Universities? Pay when you scale GoGrid .. Some more Hosting companies Where is HP, IBM, Oracle(+sun) and Dell? 32.Section-B Bring the cloud to shower the bounty Go, build and empower 33.Re asserting the objectives Identifying the most viable Cloud computing opportunity for India Customer business value and business opportunities Solution and business need (Products) External dependencies and strategic partnership eco system Target segment and captive opportunities Go to market strategy and business roll outs Suggestive pricing and revenue ( Grab a secret) 34.Dont Ignore : Microsoft and Amazon face challenges Globus/Nimbus Client-side cloud-computing interface to Globus-enabled TeraPort cluster at U of C Based on GT4 and the Globus Virtual Workspace Service Shares upsides and downsides of Globusbased grid technologies Enomalism (now called ECP) Start-up company distributing open source REST APIs Reservoir European open cloud project Many layers of cloud services and tools Ambitious and wide-reaching but not yet accessible as an implementation Eucalyptus Cloud Computing on Clusters Amazon Web Services compatible Supports kvm and Xen Open Nebulous Joyent Based on Java Script and Git 35.Identifying the most viable Cloud computing opportunity for India What is the hidden IT pilferages in India The hardware market enjoys healthy sell. PC,LAN, Routers, servers etc There is an estimate of US $ 4 bn OS piracy Un successful attempt in open source having a grip on US $ 12BN Other applications pirated, infringed, locally developed US $ 16BN Beyond budget scenario killing an US $ 20 Bn market of ERP,CRM,SCM,MAIL, DB etc in SME, Govt, Education etc What differentiates & brings a compelling Cloud on pay per use or flexible usage Remote OS and desktop applications Customized ERP & CRM for SME and Retail chains from cloud with flavour of private cloud Clustered virtualised DB services without load of licensing and on hosted model Education content digitised and on affordable scale Foot on street with resellers on commission basis 36.Identifying the most viable Cloud computing opportunity for India an example ( offering pitch of a major SI to a major Government entity) I. Infrastructure as a service for : Roll out of new applications whose usage is un predictable Development and testing platforms Infrastructure that is coming up for refresh II. DR as a service for mission Critical applications Application on SAAS mode Document Management system Online CMS Design and build private cloud

37.Customer business value and business opportunities OS & Office applications The OS license per user when offered from cloud reduces the overhead and contributes higher sale at lower prices Enhanced office applications lead customization and continued revenue DB & Web servers DB designed from cloud will reduce the cost up to 80% to user and increase the marketability by 1200% Back up and restoration can be very cheap and profitable ERP, CRM & BPM The license cost is nominal but customization and infrastructure backed by Cloud will reduce the cost to 75% !! Open up the health exchange services Multi media content A huge hit for education Personalised services Services like web talk will move to new heights Social networking to new revenue New developed and open market place for innovative software developments !! 38.Solution and business need Target retail A huge base of retail under price pressure and not capable to avoid the hardware cost. But compromise on OS & Application Package and hybrid for Private cloud with : CRM ERP BI & DWH BPM SCM Target Education ( Primary and higher) Packaged content of education multi media for regions and states and launched through partners Target Govt A comprehensive partnered OS, MAIL, DB, WEB and ERP Target New Tech SME & big industries Up coming segments of Pharmacy, Chemical , power & auto Target home and domestic House hold PC is a sleeping dragon over god mine !! 39.External dependencies and ecosystem ISV and Applications Segment basis applications like Mail, finance & accounting, CRM, ERP need to be looped. Regional and clustered opportunity need to be tweaked and packed in a clod Resellers VAR and IT sellers to map the lead to closures SI and tech partners Customize to build private clouds and offer dedicated help desks Infrastructure players Connectivity and data centers 40.Target segment and captive opportunities Retail The opportunity lies with 200 plus organised retailes Education ( Primary and higher) Pan India primary education Engineering colleges Govt Indian Railways and state e-gov New Tech SME & big industries Chemical and drug + hospitals Automotive Power home and domestic Education Entertainment 41.GO To Market (GTM) & BUSINESS ROLL OUT Capturing the business need of high volume high margin segments Package the offering Build the re seller Target retail and education on phase-1 and Govt on Phase-2 and domestic on phase-3 Design the offerings Create various flavours in collaboration with applications Build the cloud in offering mode Deploy the applications Build the fulfilment models Prepare the menu card Nurture the infrastructure provider A time line of 3 to 6 months 42.Suggestive pricing and revenue Three main purposes Software as a service (SaaS) Enterprise resource management through internet Platform as a service (PaaS) Developing software on a shared platform on the cloud Infrastructure as a service (IaaS) Getting service from a full computer infrastructure through the internet Storage & databases 43.Suggestive pricing and revenue Collection of servers owned by a cloud provider Cloud automatically utilizes the right no. of servers, adding or releasing servers, as load fluctuates Data Centers 44.Suggestive pricing and revenue- A reference Wuxi China Cloud Computing Center at IBM establishes the first Cloud Computing Center for software companies in China the new Wuxi Tai Hu New Town Science and Education Industrial Park in Wuxi, China Offers emerging Chinese software companies the ability to tap into a virtual computing environment to support their development activities. A shared facility, providing each company in the Wuxi Software Park with its own virtual data center Enabled by IBM technology and service Managed with IBM Tivoli systems management products Hardware IBM System x, System p and BladeCenter Benefits Up to 2Fast deployment of Rational software development environments 00K software developers, 100 companies Cost efficient shared infrastructure "The China Cloud Computing Center represents a milestone in

service-oriented computing," said T. W. Liu, the chairman and CEO of iSoftStone. "It will allow companies in the Wuxi Software Park to leapfrog to the newest computing models and will provide an efficient IT platform for software development." 45.Suggestive pricing and revenue Converging Web-centric clouds and enterprise data centers Establishing Pan India but converged with worldwide cloud computing centers to drive adoption Need to lead the way in bringing cloud computing benefits to enterprises 46.Section-C Major mismatch & weakness of major players : Note the parameters required for success 47.Challenge for cloud system proposed by : Microsoft, Amazon, Google & Sales force . Enterprise Cloud : A complete out of reach of these major players Enterprise cloud need Specific business process and customizable Private clouds are not the feature in the offerings of the above players. Security and reliability The business specific clustered security with partition of multi tenancy is the need. Multi level access is absent. Enhanced values and pricing Specific value added enterprise IT system is absent. Application developments Enterprise specific SDLC process is absent. 48.Challenge for cloud system proposed by : Microsoft, Amazon, Google & Sales force . Retail Cloud : A complete out of reach of these major players Retail cloud need Segment specific customized application is absent Business enhancement features Critical business need of SCM and ERP missing Other applications are too completed to access from cloud Operational need and compliances Various modules for small business missing Sharing and collaborating Various platforms to collaborate is absent Hitless merger from PC to business with applications is a total miss match 49.Challenge for cloud system proposed by : EMC, CISCO, ORACLE etc IAAS /PAAS Cloud : Miles to go to reach the business On demand setup Sizing and dedicated feature based services absent Business centric maintenance Availability and SLA management to serve end customers is poorly managed Reliable multi tenancy Load and demand mapping without cost implication is totally ignored Business specific fabric computing High demand and on demand systems design with unique customization is long way to go. Application and delivery models with complying to PCMM and ITIL standards poorly mapped.