Author Archive: Alistair Croll
This isn’t a simple question to answer.
First of all, cloud computing is hidden behind a fog of abstraction. Whereas IT could once instrument every element of an application, today applications are like Descartes’ brain in a jar—never quite sure if they’re real, or virtual.
Second, on the surface many service providers’ goals aren’t aligned with those of their customers. Service providers want to maximize revenues, and want the freedom to do with the underlying infrastructure what they will. That’s how they stay in business and make the most of what they have. Without that freedom, they lose economies of scale and skill. By contrast, customers want special treatment, and instrumentation all the way down the stack.
Third, people don’t really understand metrics well. Despite decades of criticism, we still use averages, even though they hide important fluctuations in service quality that can warn of bigger problems before they become disasters.
There’s a bigger problem here, however. For half a century, IT has been about protecting precious resources. The reason you put up with carrying a stack of punched cards to the basement of the computing building at 3AM was because the mainframe was scarce, and the humans abundant. No more: each of us has three screens, one of which is seldom more than a meter from our bodies at any time.
That means we’re less concerned about the consumption of resources and more concerned about the completion of tasks. We shouldn’t really care if the CPU is idle or maxed out, provided that the user accomplishes what they set out to do. Proponents of Service Level Agreements have long known this, but cloud monitoring, hiding behind the fog of virtualization, drives it home hard.
Application Performance Management and Real User Monitoring have long been thought of as “advanced” forms of measurement. These go beyond up/down metrics or numbers related to utilization, and instead look at the success of the application from the user’s point of view. They’ve often languished somewhere between web analytics (which show you what users did) and synthetic monitoring (which shows you whether the site is working).
Today, however, the real question is: could they do it, well? There’s great evidence that slow applications undermine productivity, cost money, and cut into revenues. Slow clouds need fixing. To do this, I think we need to go beyond APM, and start with the business problem. Too often, IT professionals start at the bottom and work up. “Server 10 is down, which means the support site isn’t working, which means the phone queue is too long, which impacts our customer satisfaction rating.” They begin with the means, and work back to the end.
Instead, I think we need to step back and look at the business model. From that, we can derive the relevant metrics, and what’s considered an acceptable threshold. Then we can measure against those thresholds, and report on violations. That’s a much more palpable approach to measurement for executives. Starting at the model and working down, we say, “7% of visits need to result in an enrollment for us to meet our monthly target.” From that, we can measure the steps of an enrollment, and their performance against the past or response targets.
When we owned the infrastructure, this was considered progressive. But the fog of cloud monitoring means it’s often the only way we can measure. It lets us size cloud consumption, which in turn lets us define budgets—since with the right architecture, you can have any performance you can pay for. And it leads to good metrics, since it’s focused on rates and exceptions rather than averages.
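As an added illustration (not code from the original post), the following Python sketch works from the 7% enrollment target down to per-step response thresholds, and shows a step whose average looks healthy while its violation rate does not. The sample visits, step names, 2000 ms threshold and 5% violation budget are constructed assumptions.

```python
from statistics import mean

TARGET_CONVERSION = 0.07    # from the text: 7% of visits must enroll
STEP_THRESHOLD_MS = 2000    # assumed response target for each step
MAX_VIOLATION_RATE = 0.05   # assumed: at most 5% of requests may exceed it


def build_sample_visits():
    """Constructed data: 100 visits, each with per-step response times."""
    visits = []
    for i in range(100):
        slow = (i % 10 == 0)             # every 10th visit hits a slow form
        visits.append({
            "steps": {"landing": 400, "form": 9000 if slow else 300},
            "enrolled": (i % 20 == 1),   # 5 of the 100 visits enroll
        })
    return visits


def report(visits):
    """Measure the business target first, then each step against its threshold."""
    conversion = sum(v["enrolled"] for v in visits) / len(visits)
    result = {
        "conversion": conversion,
        "conversion_ok": conversion >= TARGET_CONVERSION,
        "steps": {},
    }
    for step in sorted({s for v in visits for s in v["steps"]}):
        samples = [v["steps"][step] for v in visits if step in v["steps"]]
        avg = mean(samples)
        # Rate of exceptions: fraction of requests slower than the threshold.
        rate = sum(ms > STEP_THRESHOLD_MS for ms in samples) / len(samples)
        result["steps"][step] = {
            "mean_ms": avg,
            "mean_ok": avg <= STEP_THRESHOLD_MS,      # what an average reports
            "violation_rate": rate,
            "rate_ok": rate <= MAX_VIOLATION_RATE,    # what a rate reports
        }
    return result


if __name__ == "__main__":
    r = report(build_sample_visits())
    print(f"conversion {r['conversion']:.0%} ok={r['conversion_ok']}")
    for name, s in r["steps"].items():
        print(f"{name}: mean {s['mean_ms']} ms ok={s['mean_ok']}, "
              f"violations {s['violation_rate']:.0%} ok={s['rate_ok']}")
```

In the constructed data the form step averages 1170 ms, under the threshold, yet one request in ten takes 9 seconds; only the violation rate surfaces that.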
We’ll be talking about how to measure cloud-based applications at this spring’s Cloud Connect event in Santa Clara. In fact, we have a whole track of content dedicated to it, including sessions on WAN, application delivery networks, load-balancing, and choosing the right metrics. Clouds are the IT of abundance, and they fundamentally change how we measure applications. Let’s figure out how.
Each year at Cloud Connect, we try to look ahead to what the next twelve months hold. To many of us, the future was really the removal of the word “cloud.” Just as “web applications” are now just “applications”, so technologies like “cloud storage” are just “storage.” Similarly, cloud computing will soon just be “computing.”
Does that mean the future of something like Cloud Connect is simply “connect”? Sort of. New technologies are seldom interesting in their own right. Rather, they’re interesting for what they make possible.
Y Combinator founder Paul Graham describes a startup as an organization designed for rapid growth—and he means rapid. He wants to see a 5-10% increase in users or revenues every week for companies within his accelerator. While he says that startups aren’t necessarily technology, it’s very likely that they are. That’s because technology does two things:
- It disrupts a market. There’s not much new about Uber driving people around. We’ve had taxis for centuries. But the ubiquity of mobile applications with location awareness is new, and that’s disrupting a big market quickly. So technology can trigger a rapid change in an existing market. Growth.
- It makes a new market. The online search industry didn’t exist twenty years ago. Today, it’s worth billions. Technology creates entirely new businesses even as it leaves old ones crumbling. 3D printing might usher in an era of manufacturing at the edge, even as it destroys traditional just-in-time logistics.
And this is why clouds are interesting. Not in their own right—they’re rapidly becoming another tool in the IT toolbox, albeit an extremely flexible one. Clouds are interesting because they make computing frictionless. They allow organizations of any size to achieve the kinds of scale and growth Graham demands of the companies he helps launch.
A couple of years ago, we joked that “big data gives clouds something to do.” There’s a lot of truth to this. Big Data itself isn’t new—and it isn’t mounting the peak of a hype curve, despite what Gartner says. Big Data has been around for ages, as anyone from a company like Teradata, IBM, Oracle, or Microsoft will tell you. What’s new about big data is the democratization of analysis. Anyone who runs a Facebook Graph Search today has more power, and more access, than any three-letter-agency in Washington dared dream of a decade ago.
And powerful, democratized analysis is a game-changer for society. It’ll alter how we work and play; how we learn and love; and how we make decisions. All because of cloud computing, which provides the elastic, on-demand undercarriage for vast analysis.
In the Futures and Disruptions track at Cloud Connect this spring, Cascade Insights’ Sean Campbell will lay out four possible futures for cloud computing in the next few years, encouraging IT professionals to hedge their bets. Allan Leinwand, whose career spans executive technology roles at Cisco, Digital Island, Zynga, and ServiceNow, predicts where cloud platforms are headed. And serial entrepreneur Margaret Dawson joins Savvis’ Ed Saipetch to speculate on the future of data—and whether it’s headed for anarchy or trust.
It promises to be a fascinating look at where technology is headed, even as clouds themselves quietly blend into the fabric of everyday computing.
If you read the brochures, Clouds promise—apparently—limitless capacity, pay-as-you-go economics, and freedom from the drudgery of maintaining and upgrading the boxen that litter your data center.
At the same time—if you believe the hype—they’re compatible with on-premise infrastructure, and it’s easy to run applications in clouds for testing and even production. IT managers can control the operating system, server configuration, architecture, and everything else.
Cloud computing can absolutely deliver elastic, fire-and-forget capacity on demand, without any need to tweak the underlying machines. This is called Platform as a Service: developers paste their code into the cloud, and it just runs. On the other hand, a cloud can be heavily customized, giving customers control over nearly every aspect of their environment, from network topology, to machine configuration, to what runs when and where. This is called Infrastructure as a Service: you get a command line, a library of virtual infrastructure, and all the machines you can afford. You just can’t get both at once.
This isn’t just disingenuous. It sets impossibly high expectations. It can undermine the real value clouds offer, because it makes IT professionals (and the less-than-technical managers to whom they report) think that they can have their cake and eat it, too. Cloud computing is about tradeoffs. The basic model of public clouds is based on an economy of scale. The cloud provider spreads costs across a large number of customers, who share common platforms. The more that a customer needs to customize things, the smaller the scale against which to economize. Consider the geographic location of data. Many companies are concerned about where their data goes—in fact, one IT executive I talked with recently confidently stated, “with clouds, you don’t even know what country your data is in.” That’s simply not true. If you choose a cloud that doesn’t make any guarantees about data, then the provider is able to choose the best place for information based on cost, law, latency, reliability, and so on.
On the other hand, Amazon lets users choose from four Availability Zones, two of which are inside the U.S. But if a cloud customer wants to be more specific—choosing the city or even the data center—then the cloud provider can’t find an economy of scale. Costs will rise, the range of available services will shrink, and the customer may as well rent their own rack.
Clouds are also about automation and standardization. Cloud providers want to design single points of failure and manual tasks out of their offerings. The more a customer is willing to co-operate and abdicate opinions, the more automated and reliable a service they can use. By coding to App Engine and Bigtable, Google’s customers get immediate elasticity and detailed accounting of what’s happening. In return, all they have to do is give up their opinions about storage architecture and programming language.
Cloud computing is a valuable new tool in the IT toolbox. But by not clearly explaining the tradeoffs and nuances, its proponents are making promises the cloud simply can’t deliver.
Cloud computing is upending many assumptions that we make as IT professionals. An important, and often overlooked, one is the death of perimeter security.
As humans, we like borders. We like to know that what’s outside is bad, but we’re safe on the inside. That’s led to terms like the demilitarized zone (DMZ), which describes the no-man’s-land between our internal, soft underbelly and the Wild West of the Internet.
The border’s days are numbered, however. The false sense of security that perimeters offer vanishes when applications move to an on-demand environment like a cloud. We have less control over what lives where—indeed, if we’re designing our cloud architectures properly, then systems come and go according to demand, often running on whatever hardware has just become free.
A more modern way of thinking about security is to consider the behavior of the application. This is something makers of antivirus software and proponents of end-node security have long called for, but with clouds, it’s a necessity. Tomorrow’s application and its security permissions are inextricably linked. The application may even have different security behaviors depending on where it’s running in order to meet compliance requirements.
Cloud providers can hire smarter security professionals than the rest of us. They also represent a disinterested third party which, in theory, cares less about our businesses—and as a result, can do less damage—than internal employees. At the same time, clouds are a shared resource that presents tantalizing new weaknesses for attackers.
At Cloud Connect this year, we’re tackling the subject of cloud security in two ways. First, there’s a Monday CloudSec workshop run by Rational Survivability’s Chris Hoff (whose excellent, and refreshingly blunt, blog covers cloud security in detail.) And in our main conference, Intel’s Steve Orrin is running a series of sessions on cloud security. Expanded coverage on security is one of many new additions to this year’s Cloud Connect workshops and conference tracks.
We’re introducing a new event to Cloud Connect this year, and it’s an indication of how much utility computing has matured since last year’s inaugural event. Here are some thoughts on the Cloud Performance Summit, and why performance may be this year’s hot topic for on-demand computing.
In the early stages of any industry, the discussions focus on the “why” and “what.” Clouds are no different: we wanted to know what clouds were—with the inevitable debate over taxonomy and definition—and we hunted for reasons to embrace them, or to refuse them, depending on our own agendas.
But by now, most enterprise IT professionals have accepted that cloud technology is inevitable, and that third-party cloud providers deserve a place in their toolbox. Put another way, we’ve moved from tender embraces and heated arguments to the dispassionate world of the prenup. We want to know, can clouds deliver, and if they can’t, what can we do about it?
Performance is a tough subject. For one thing, cloud providers offer a shared resource. It’s the basis of their economic value proposition. And a shared resource means things like oversubscription, badly-behaved neighbors, and having to fight for service quality.
But it’s not just about sharing computing resources with others. For decades, IT has worked with a simple equation, namely, that the performance of a system is a function of how many people use it, and how much capacity it has. Roughly speaking, more users means a slower application, and more computers means a faster one.
Clouds offer capacity on demand. They’re elastic. Which means that in the demand/capacity equation, capacity is effectively limitless. If you want things to go faster, you can pay for additional capacity. And that’s why performance matters: it’s directly tied to your costs.
Consider air conditioning. With your own power, there’s a limit to how much you can cool a house. If you want it colder, you don’t have enough electricity to run your appliances; if you add a bigger generator, you can cool it more. But once you’re hooked up to an electrical grid, you can cool the house far more—and your bill will show that. With clouds, it’s not cooling, it’s performance.
Badly written code costs money, too, when you’re paying by compute cycle. Amazon’s CloudFront CDN is forcing other application accelerators to offer pay-as-you-go pricing, which means more and more of the performance problem is now a billable cost.
At Interop New York, a panel of performance experts concluded that performance may in fact be a bigger problem than security—after all, there are security certifications on which customers can rely, but there’s precious little guidance when it comes to outages and latency. A Queen Mary University study concluded that the vast majority of cloud providers offer no guarantees in their terms of service, and if they do, then compensation is limited to a refund of service costs.
Making things even worse is the complexity of cloud deployments, which often involve many providers and components, and are harder to diagnose and instrument than in-house, centralized applications.
So we’re really excited about the summit. It’s bringing together vendors, end users, and performance experts in a relatively informal, open format to discuss some of these hard issues. It’s the first time we’re running it, but we’re already certain it won’t be the last.
Cloud Connect 2011 is shaping up to be a superb event. As utility computing becomes a tool in the enterprise IT tool chest, we’re adjusting the curriculum. So this year, there’s a focus on performance, measuring and management of clouds — something enterprises demand. There’s more emphasis on cloud security. And there’s a detailed look at how to connect on-premise and on-demand computing resources.
But at the same time that the industry is becoming more mature, there are still many IT professionals who need a foundational understanding of what it means to use clouds. To accommodate this, we’ve also put together a “cloud crash course” pre-conference workshop that tackles many of the fundamental changes that clouds bring about — from throw-away servers, to eventually consistent data, to sharding, to the end of perimeter security.
As with last year, we’ll start with a day of in-depth workshops, and then we’ll have three days of conference sessions and fast-paced, thought-provoking keynotes. Last year, we really pushed the envelope on the main stage, and we’re working hard to bring the same short, packed format this year.
- Alistair Croll
Conference Chair, Cloud Connect