Defending the Private Cloud

Phil - You know I love hyperbole as much as the next guy, but come on... discrediting the private cloud?? (and to those who aren't aware - I've corresponded with Phil for just over 7 years and have a sincere respect for him... but that doesn't mean I won't rip into his posts ;-)

Phil writes:

"Back in January, I made a controversial prediction that private clouds will be discredited by year end. Now, in the eleventh month of the year, the cavalry has arrived to support my prediction, in the form of a white paper published by a most unlikely ally, Microsoft."

A whitepaper from Microsoft is the cavalry? Wow - it must have been written by Bill Gates himself! Or... a couple noobs with MBA's and banking backgrounds... But to be fair, the paper rocks. It's dead on. It says that the cloud model is a good one - and that *eventually* more and more applications will be a good fit for the large scale public clouds.

The cool stuff described in the paper is evolving; it will take time (like a decade). That said... let's take a look at the realities that my clients live with on a daily basis:

1. ALL (not some) of my large clients have a mixed computing environment including some combination of AIX, Solaris and Z. NONE (not some) of the public cloud providers have options for supporting all of these environments. I know, you're thinking to yourself... well, they should just port the applications to Linux/Wintel and all would be good. However, in the vast majority of the cases, the applications are packaged software and my clients have little influence over the vendors who own them. So, to be clear - a significant portion of the applications are not targets for the current large scale cloud providers (like Amazon, Microsoft, etc.)

2. Most applications are data intensive and coupled together. This presents a problem when you want to move applications from your internal data center to a public cloud. I compare it to pulling out a paper-clip from your desk drawer only to find it bound to a bunch of other paper-clips. Enterprise applications are often glued together, with either low latency requirements between them or requiring large amounts of data to be moved between them (not good if you have remote data centers with thin pipes and ingress/egress fees.) **Phil, it's about Loose Coupling ;-)

3. Hardware and software provisioning times in the enterprise are embarrassing. The amount of time/money that is wasted waiting for new environments to be procured, stood up, tested, secured, etc. would astound you. The pain is real TODAY - and waiting a decade for a public cloud to be able to support the half-dozen hardware platforms, operating systems, COTS licenses, etc. you need to perform integration testing on isn't an option.

4. Mankind didn't suddenly change in 2010. It turns out that wholesale moves from one computing model to another is not in the corporate DNA. Enterprises who excel at mitigating risks are taking incremental steps to the cloud. First, they're interested in finding out simple things like "how will my business critical application perform if we virtualize it?" or... "If we moved our data intensive application off of our vertically scaled mainframe onto a horizontally scale commodity compute (share nothing) architecture - - will it still perform?" You see... enterprise I.T. has lots of unknowns around cloud architectures. It will take some time for them to understand the basics. Once they answer the architectural questions, figuring out who hosts it is rather simple problem (price, service & reliability).

---

Private cloud is a natural stepping stone. Most I.T. professionals that I have met do not understand the architectures, processes and operating models (regardless of public or private). Pushing naive people to a public cloud where their mistakes will be hidden by a magically elastic service interface is *not a good idea*. Trust me... it shows up when they get the bill. Instead, I wholeheartedly recommend a stepwise approach to learning about horizontal scaling, sharding, MapReduce, BigData, multi-tenant services, etc. in an environment where they can observe actions and outcomes.

MomentumSI Partners on Private / Hybrid Cloud

Why self-service private cloud?

• Improved agility — Deployment cycles shrink from months to minutes, making IT far more responsive to business lines and other internal customers.
• Reduced capital expense — Utilization of hardware capacity improves dramatically due to elastic provisioning and de-provisioning of services.
• Reduced operating costs — Software infrastructure and provisioning processes are standardized and automated. Control is decentralized to decentralized constituents.
• Reduced risk — The controlled cloud provides an alternative to rogue deployments to the public cloud. The ability to move workloads between deployment environments (physical, virtual or cloud) avoids platform lock-in.

The core technologies and services within the MomentumSI self-service private/hybrid cloud platform include:

• newScale service catalog — www.newScale.com
• rPath release automation — www.rPath.com
• Eucalyptus cloud automation — www.Eucalyptus.com

For full details, visit: http://www.momentumsi.com/solutions/Cloud1.html

Current challenges for Application Performance Engineering

Application performance engineering is a discipline encompassing expertise, tools, and methodologies to ensure that applications meet their non-functional performance requirements. Performance engineering has understandably become more complex with the rise in multi-tier, distributed applications architectures that include SOA, BPM, SaaS, PaaS, cloud and others. Although performance engineering ideally should be applied across the lifecycle, we’re seeing more factors that unfortunately push it into the production phase, typically to resolve problems that have already gotten out of hand. That clearly a tougher challenge, so how did we get to this point?

In the client-server past, performance optimization was something that folks in the IT department typically figured out through trial and error. Developers learned to write more efficient database queries, database administrators learned to index and cache, and system administrators monitored CPU and memory to upgrade when needed.

As application architectures started to get more complex, the dependencies increased and it was harder for one team track down problems without chasing their tail. More organizations adopted something that was previously only used by enterprises with highly scalable, reliable mission critical applications – the performance testing lab. Vendors like Mercury created popular load testing tools like LoadRunner, and organizations invested millions in lab hardware and software in an attempt to recreate production environments that they could control for testing purposes.

Unfortunately, these performance labs became very difficult to cost justify. First, it always seemed to take too much time and money to setup the realistic test environments you’d like, particularly as apps became more distributed. Next, projects were often already behind schedule when it came time to test, and so lab times often had to be cut short. Factors like these minimized the lab’s value, but the real killer was the high maintenance costs for all that hardware and software, along with the data center and staff.

This put many IT organizations in a tough spot. With limited means to perform system-wide performance testing, and the inclusion of more SaaS/PaaS/cloud services in their architecture, they had to make due with whatever subsystem level performance testing they could get. After that, its finger-crossing and resigning yourself to further optimization in production.

Unfortunately, production can be a very frustrating place to try and optimize performance, particularly when you have performance problems and growing complaints from customers, partners, etc. It’s in these pressured environments where you need true performance engineers that follow a methodical and systematic end-to-end approach. Performance bottlenecks can reside in a myriad of places in highly distributed architectures, and you need to follow a disciplined methodology to analyze dependencies, isolate problem areas, and then leverage the best of breed tools to trace, profile, optimize, etc each of the tiers and technologies in the application delivery path. This takes a lot of skill and expertise.

In short, the challenges faced by today’s application performance engineer in production settings is a far cry from the client-server days of in-house tuning and experimentation. We expect that the role of Performance Engineer will grow in importance as SOA, BPM, cloud, and SaaS/PaaS implementations increase, and until more viable pre-production system performance testing options are available to rise up to the challenge.

SOA Manifesto

Here's a few quick links:

The MomentumSI SOA Manifesto from 2007:

http://schneider.blogspot.com/2007/10/enterprise-soa-manifesto.html

Our discussion forum on the 2009 SOA Manifesto:

http://www.SOAManifesto.com

The 2009 SOA Manifesto:

http://www.SOA-Manifesto.com

The Case for Expropriated Reuse

Expropriated Reuse is a form of reuse that focuses on the here and now. The goal isn’t to define some new service and hope for ‘accidental reuse’ or even to put forward a case for ‘planned reuse’. Instead, it’s the act of going out and finding redundant code that already exists across multiple systems and turning it into a single shared service. I’ll repeat that: Find redundant code and refactor out the common elements into shared services. This ALWAYS results in multiple consumers (or mandated consumers, if you prefer).

I’ll give a quick example. Over time, company X had ‘accidentally’ created 5 software modules that existed inside of larger applications that all did some form of ‘quoting a price to customers’. This led to 5 teams maintaining it, 5 sets of computer hardware, etc. Expropriated Reuse is the act of going to the applications and cutting out the common elements and turning them into one shared service. Note that this is different than application rationalization or application consolidation that tends to use a nuclear bomb to deal with the problem. We’re recommending sniper firing with a bit of additional precision bombing.

The reasons that we do this are mostly financial. We want to reduce the amount of code that has to be maintained and operated. We want to reduce our costs. There are plenty of other reasons like increased quality, time-to-market, etc. but I’m done with those softies. The case is cold hard cash. Show me how to save money or go away.

IMHO, the new SOA agenda is about expropriated reuse. The SOA Program must actively identify opportunities to make the enterprise software portfolio more efficient and less costly. Just like in city planning exercises we must acknowledge the needs of the community over the needs of the few. And I’m in agreement with Clinton that ‘we should never waste a good crisis’. Reduced I.T. budgets have created a ‘crisis of efficiency’ in virtually all of our clients. The imperative is to find ways to reduce budgets in the short term and over the next 3-5 years.

To quote Todd Biske, “… a common analogy for enterprise architecture these days is that of city planning. … (does) your architecture have more parallels to the hot political potato of eminent domain? Are you having to bulldoze applications that were only built a few years ago whose residents are currently happy for the greater good? What about old town? Any plans for renovation? If you aren’t asking these questions, then are you really embracing enterprise SOA?”

I’ve been wondering: Should all SOA programs that do not have the authority to issue an order of ‘eminent domain’ on the software portfolio be shut down? Does your SOA program have a hunting license to go find inefficiencies / duplicate coding and to issue an order of eminent domain on that code? Can you imagine what our country would look like if we couldn’t issue an order of eminent domain to capture land for our highways, bridges or railroads? Can you imagine if we didn’t have the ability to implement ‘easement by necessity’? Consider your town/neighborhood and think about the following: Railroad easements, storm drain or storm water easements, sanitary sewer easements, electrical power line easements, telephone line easements, fuel gas pipe easements, etc. What a mess it would be. The crisis of budgets must draw out the leaders. If you haven’t already been issued a hunting license, it’s time to go get one.

So I’ll answer my own question. If you’re SOA program is responsible for watching the blinking lights on your newly acquired SOA Management tool, or making sure that people enter their ‘accidental’ services into your flashy registry, I’ll recommend that they shut you down. This is a waste of time. The SOA group must be given the imperative and authority (a hunting license) to find waste in the enterprise and to destroy it. SOA isn’t about policing people on WS-Standards or similar crap – it’s about saving your company millions.

The Case for Planned Reuse

In my last post, I argued that the concept of ‘accidental services’ or ‘build it and they will come’ is a bad idea – because … they typically don’t come. Services that are created with a very specific consumer in mind are typically limited in capability, scope and result in limited reuse.

The MomentumSI Harmony method suggests that service analysis be performed on the first consumer’s needs as well as potential consumers that aren’t in the immediate scope. This is easier said than done. How do you identify the requirements of a service if you have ‘phantom consumers’?? The short answer is that there are techniques that involve looking at UI models, process models, data models and other artifacts that will give you insight into the domain. The result is a list of potential consumers and a plan for their eventual consumption. The point is that there are techniques to help organizations define services according to a plan – and doing so leads to increased reuse and a better software portfolio.

Again, Planned Reuse is most effective when you’re working in a new domain and you don’t already have a bunch of conflicting/overlapping software that exists. The immediate project might call for an ‘Order Service’, but you know that the service will eventually be called by the Web eCommerce system, the call center software, the B2B gateway, etc. Those projects aren’t in scope – but you consider their needs when designing the service.

This is all fine, but what happens when you’re analyzing a service for an immediate project that clearly should be called by existing projects/software? This is the case for Expropriated Reuse.

The Case Against Accidental Reuse

"Accidental Reuse" is a term that I've been throwing around a lot lately. In layman's terms, it means, "If you build it, they will come." This notion has been disproved in virtually every field (except in the Field of Dreams) - and I suggest it is even more unlikely in the field of software engineering.

It has been my observation that most software engineering teams suffer from a bad case of 'not invented here' syndrome. We work in a discipline that is not regulated and the certifications are a joke at best. Most programmers don't have engineer training - and most architects have learned from doing and observing. In short, there are good reasons for one team to not fully trust the output of another team. We also have the issues of human entitlement. It's been my observation that a generation of software developers has been created who feel that they are entitled to 'not be bored' and 'deserve cool problems'. Once again, we have people who feel the need to create new stuff - not reuse.

I could go on - but I'm guessing there is no need. Anyone who has been in the industry has seen the problems. This leads back to my original point - accidental reuse is a bad idea. And here, I'm as guilty as the guy sitting next to me on the last 20 panels where I've been on telling the world to 'build it and they will come'... design for reuse... create services... register the services... and they will come. Apologies.

Most SOA report cards that I get still show metrics on: how many services there are, how many consumers there are or how many times the service has been called. These are fine metrics but in my humble opinion leave behind one very important metric: how many unknown consumers use the service? (accidental reuse, planned reuse & expropriated reuse)

Now it gets interesting. My aggregate data shows that most services are built with one consumer in mind and almost 80% of all transactions go through the original consumer. Less than 2% go through 'accidental channels'. Of the 2%, most of those were for externally facing systems (B2B) where advance knowledge of consumption is limited or they were in 'technical' or 'entity' services where they offered limited functionality and in some cases, limited return.

The remaining 18% go toward 'planned reuse' or 'expropriated reuse'. This number is too low - but this is the opportunity. More on this later...

Coming next:

- The Case for Planned Reuse

- The Case for Expropriated Reuse (right of eminent domain)

New Blog on Cloud Computing

SOE isn't dead but my primary go-forward blog will be:
http://cloudv.blogspot.com

Nomination for Federal CTO

From the Barack Obama campaign site:

"Obama will appoint the nation's first Chief Technology Officer (CTO) to ensure that our government and all its agencies have the right infrastructure, policies and services for the 21st century. The CTO will ensure the safety of our networks and will lead an interagency effort, working with chief technology and chief information officers of each of the federal agencies, to ensure that they use best-in-class technologies and share best practices."

I nominate Tim O'Reilly as the first Federal CTO. Do I hear a second??

Is Amazon Competing with RightScale?

It looks like RightScale is going to be a 'multi-cloud management suite', see;
http://www.allthingsdistributed.com/2008/10/using_the_cloud_to_build_highl.html#comment-2061

16 Corrections on Cloud Computing

In March of 2008, RedMonk analyst, James Governor, submitted his list of "15 Ways to Tell if it's not Cloud Computing".

The consultants at MomentumSI have found 16 corrections:

Real World SOA

It was my pleasure to be a guest on the Real World SOA Podcast with David Linthicum. Take a peek:

http://weblog.infoworld.com/realworldsoa/archives/2008/10/my_conversation.html

Topics:
- How do we help organizations with SOA?
- What is the purpose of a SOA methodology?
- What is the next big thing???

Talking to the Business about SOA

Recently, there's been more chatter about how (or if) you should talk to the business about SOA. Yesterday, I sat in on the SOA Consortium conference call where this was the main theme. Interestingly, the moderator posed the questions and a couple participants were quick to respond... "we don't talk to the business about SOA..." The moderator took it in stride and started down the path of business and I.T. alignment - and once again the participants pushed back. Not to be dissuaded the moderator went down the BPM path. Once again, the participants pushed back. The group commented that, "talking SOA is too abstract for the business" and there was a "need to talk about business specific functionality vs just high level Agility and Change".

After attending this call, I stumbled on to Joe 2.0's blog post on the exact same topic! Even funnier was that he was quoting Jean-Jacques Dubray (JJ), who I had a 3 hour phone call with on the subject just days earlier. JJ had commented, "My experience is that the key people that you have to focus all your energy on are the developers, architects, business analysts, QAs and operations."
Joe 2.0 goes on:

Dubray says SOA is a “pure IT problem.” But in this era of the online collaborative organization, when we rely on technology for every aspect of our business, are there really any “pure IT” problems?

I don't want to split hairs... but IMHO, the answer is, "yes, some problems are just I.T. problems". Sure, I.T. problems, like HR or garbage collection, may bubble their way up to become a business problem, but at the end of the day I.T. has to figure out how to do their job and go do it. When the janitor picks up the trash in my office they do it in the most efficient way they know how. They don't ask 'the business' if they should do it efficiently - they just do it. When did I.T. become such wussies?

I'm a big believer in talking to business about whatever they want to talk about... Inventory Visibility? Love it. Customer Loyalty? Love it. New Product Introduction? Love it. That said, I believe it's I.T.'s responsibility to bring technology solutions forward. Most business people understand things like forms, window, graphs, reports, etc. They understand visual deliverables (not invisible deliverables like WSDL's). I think that is why we're seeing the most successful SOA shared service centers adopting capabilities around Rich Composite Applications, Mashups and other edge-of-the-enterprise development capabilities. They engage with the business about business problems and then use mashups and other techniques to quickly demo/prototype/build solutions that their users can relate to.

If you're looking for inspiration on this process, I'm happy to recommend a book on the subject, Mashup Corporations.
The authors do a great job of walking the readers through a fictional company. As business problems are encountered, they introduce Web 2.0 and mashup solutions. Prototypes are put together and the concepts are tested out. SOA is discussed as the 'efficient way' to make it happen. Again, they didn't talk to the business about SOA (or even services)!

PaaS Enables New ROI

If you haven't already checked out Amy Shuen's book, "Web 2.0: A Strategy Guide", you should grab a copy; it's worth the read. Amy discusses the trends around Web 2.0 in the clearest, most concise manner I could have hoped for. Enough bragging about her book - one of her diagrams inspired me to think about the effects that PaaS has on the Enterprise I.T. development model.

Amy pointed out that a version of the Long Tail lives in the I.T. application development world. Certain business problems (ie, order management) have a very real and significant value proposition; these systems are often purchased from ISV's. The next set of applications often have slightly less of an ROI and are often built by the I.T. custom development group. In many cases these are departmental applications or add-on's to the procured systems. Recently, new SaaS solutions are finding their way into the enterprise because they fulfill point-requirements and have a low-cost of entry.


In the past, this left lots of business problems in the hands of shadow I.T., or power-users. But all too often new systems concepts were taken to the I.T. review board and turned down because they didn't project an adequate ROI. The return on some of these systems may have been rewarding, but the initial investment (hardware, infrastructure licenses, long development cycles, etc.) drove down the overall ROI to the point where the idea was rejected. These systems are prime candidates for PaaS, where the initial investment is significantly decreased by the pre-hosted, pay-by-the-drink model. Once again, hosted platforms will likely be the key enabler of long tail opportunities.

The long tail model of reviewing new system requests is an interesting method for I.T. governance and planning committees to consider. It is my belief that if enterprise organizations fail to meet the needs of the long tail, they will be met by other 3rd party providers who will be all to willing to help!

Services, Mashups & Cloud: Puma

Imagine for a moment that Olympics took place in China – and all the world came out to watch. You’re with a shoe company called Puma, who for many years hid in the shadow of branding giant Nike. But this Olympics you made some interesting bets, including a big bet on a Jamaican sprinter named Usain Bolt. This distinguished athlete proceeds to win the gold and to destroy the world record – and to your delight holds up a pair of your shoes. What a dream.

For a brief period you own the consumer. Search engines are bombarded with “Usain Bolt” and even “Puma runner”. Your online store is blasted with orders but now every outlet that carries ‘hot tickets’ wants to resell the Usain Bolt Limited Edition shoes. Orders are coming in from channels you’ve never even heard of. New channels, new orders, new customers are abound and new demands are being placed on your I.T. environment.

The world of API’s (or services), mashups and cloud computing are all upon us. As many businesses continue cut costs and hunker down for a ‘wanna-be’ recession, others are innovating and driving new sustainable revenue sources.

Services, Mashups and Cloud drive business opportunities for those who seek a competitive advantage.

Services, Mashups & Cloud: Photosynth

Imagine for a moment that a Microsoft research group finished a beta version of a project that they had dubbed ‘Photosynth’. Their pet project was to allow users to create panoramic virtual environments by using regular 2-D digital cameras. Users would merely take lots of adjacent pictures where the edges of one photo would overlap with the next. The photos would then be submitted online to a set of computers that would use artificial intelligence to transform the individual digital pictures into a panoramic viewing environment that could be witnessed by anyone who had the Internet and a browser.

For this to be interesting a few things would be needed. First, we would need lots of people who could contribute pictures (user generated content). Second, we’d need a whole bunch of computers to act as one to crunch on digital image matching algorithms. Third, we’d need the ability to host the image online and allow the proud publishers to pass around copies of their new site's URL to all of their friends, encouraging them to become publishers as well. Imagine now, that the this happened and that the traffic to the site increased by 140,000% in just 7 days. Imagine that.

The world of API’s (or services), mashups and cloud computing are all upon us. As many businesses continue cut costs and hunker down for a ‘wanna-be’ recession, others are innovating and driving new sustainable revenue sources.

Services, Mashups and Cloud drive business opportunities for those who seek a competitive advantage.

Services, Mashups & Cloud: Shelfari

Imagine for a moment that an online ‘virtual book store’, called Shelfari, created a widget that displayed pictures and descriptions of the widget owners favorite books. These widgets could then be embedded inside of blogs and social networks so that people could see what their friends or influencers were reading. We’d have to assume that the widget was viral in nature, allowing consumers to copy the widget and republish it with their own content at their own site. And like all things viral, the network of users grew at an exponential rate. The widget became so successful that Amazon.com decided it was time to acquire the company. The press related to the activity drove additional traffic to the Shelfari site to the point where response times were so long that new users couldn’t even sign up.

What if – what if widgets drove traffic and viral widgets drove huge traffic? What if personalization drove conversion rates and Web API’s enabled financial transactions? What if we could mashup content and community to drive commerce? What if the hardware automatically scaled to meet the needs of the user community?

The world of API’s (or services), mashups and cloud computing are all upon us. As many businesses continue cut costs and hunker down for a ‘wanna-be’ recession, others are innovating and driving new sustainable revenue sources.

Services, Mashups and Cloud drive business opportunities for those who seek a competitive advantage.

Joe McKendrick 2.0

Joe McKendrick is one of my favorite bloggers over at ZDNet. However, I've found some of his stuff to be a bit hum drum. That is, until I found his 'secret' posting site...

Joe 2.0 (like Jeff 2.0), is spending much more time thinking, writing and talking about all of the reasons that you did SOA in the first place. Want to check out some good reading?

Mashups: So Easy a Caveman Can Write Them?

and

Managing Data in the Clouds

Fundamentally, SOA has progressed from debating about ESB's, governance styles, REST vs. SOAP, etc. to a discussion on how to use the services to create new business functionality through mashups, while delivering on low cost platforms (cloud and PaaS). Joe 2.0 gets it.

Are you 2.0?

Amazon Sends Death Blow to I.T. Data Center

The time of death for the corporate data center was pronounced at 11:03EST, August 21st of 2008. Forensic pathologists continue to investigate the death, however, it is known that the patient had stability issues, persistent hemorrhaging and had been considered terminal.

Thousands of companies have mortally wounded data centers. Unfortunately, CIO's lacked a viable replacement for this archaic agility anchor. In essence, they've been forced to keep them on life-support. Billions of dollars have been pumped into various unsuccessful attempts to heal the patient. Billions more have been spent on 'Data Center Hospice'. Jeff Schneider, MomentumSI CEO commented, "When it becomes it was clear that the patient will die, corporations shift their thinking to 'reducing the pain'. This largely involves moving labor intensive data center tasks to low-cost offshore facilities."

Although some debate remains if the data center is actually dead. Schneider stated , "Yes, the data center has a heart beat, however the beat coincides with the I.T. family beating on the heart with their fists, insisting that the patient isn't dead."

Congratulations to Amazon on delivering the last critical element of their Elastic Cloud Computing offering.

The 7 Dirty Words of SOA

I recently had a conversation with one of my good friends at IBM. He had mentioned that IBM is doing a better job of differentiating between "Business SOA" and "I.T. SOA". Interesting... what did he mean? After drilling him with questions it came down to this:

- I.T SOA is about running a more efficient Information Technology group

- Business SOA is about creating new information products and capabilities

This resonated with me. It sounded very similar to the conversations I've had with people at SAP. They have positioned SOA as a technology enabler to their large suite of business applications. They sell business solutions. And as one SAP insider put, "... and of course those solutions are Service Oriented... it's 2008!"

These conversations were music to my ears. IBM and SAP are both back to attacking business problems and are making the assumption that SOA is in place and acts as the enabler.

In Business SOA we need to think about a new set of "Business SOA Patterns":

- How do we deliver new business products through new channels?

- How do we deliver more/better information to our distributors, retailers and consumers?

- How will consolidated/shared information lead to a tighter supply chain?

It's been too many years of people talking about ESB's and other I.T. focused trivia. With that said, the 7 Dirty Words of SOA are:

1. Loose Coupling


2. Abstraction


3. Reuse


4. Autonomous


5. Discoverability


6. Composability


7. Interoperability

Yes, it's time to move past "I.T. SOA"...