|
|
|
|
IT MANAGEMENT RESEARCH,
INDUSTRY ANALYSIS AND CONSULTING
Executive Summary
ENTERPRISE MANAGEMENT ASSOCIATES® (EMA™) analysts estimate just 11% of enter-
prises plan to implement cloud computing (“convenient, on-demand network access to a shared pool
of configurable computing resources”) in the coming 12 months. Yet cloud is a mega-trend with lots
of interest, lots of hype, and, like every “new frontier,” too many cowboys, and not enough sheriffs.
Cloud is a mega-trend with lots of interest, lots of hype, and, like every
“new frontier,” too many cowboys, and not enough sheriffs.
To counter this “wild west” approach, EMA analysts surveyed 159 enterprises with active or imme-
diately planned cloud deployments to investigate what EMA calls “The Responsible Cloud” – a new
paradigm for a well-managed, secure, compliant cloud that delivers reliable and efficient business
services.
With 75% of respondents, the private cloud is the preferred model. Most respondents (52%) are
implementing both on-premise and off-promise cloud. Most (67%) favor a “Software as a Service”
(SaaS) delivery model. Leading use cases include data storage, dev/test, and Web hosting.
Service improvement and cost reduction are the most important drivers and the strongest outcomes.
Over 75% of enterprises report CapEx and/or OpEx savings – on average over 20%. However, HR
issues, politics, lock-in, and management are all rated as critical barriers to success.
IT Automation disciplines are rated as highly important to cloud computing by around 70% of enter-
prises, in some cases higher than traditional data centers. Availability, response, and utilization are all
critical metrics for cloud service performance. Most organizations plan to implement systems manage-
ment suites to manage and automate their cloud deployments.
Service Management disciplines correlate strongly with better outcomes for maturity, confidence, cost
savings, security, and accountability. Two thirds of the respondents believe a CMDB or CMS would add
visibility and confidence in cloud deployments; two-thirds also plan to implement a Service Catalog.
Security and compliance is the leading decision factor in choosing cloud technologies or providers.
Only half of all enterprises would consider a cloud provider that had experienced a security breach.
Concerns include control, privacy, data movement, and vulnerability. Security is also the top reason
why many consider cloud computing as tactical, rather than strategic.
Informed by this research, EMA has developed a prescriptive model for building the Responsible
Cloud, combining virtualization, IT automation, service management, and security, to build maturity
from virtual infrastructure management, through virtual systems management, to virtual service man-
agement, and finally to a dynamic, business-driven, cloud service.
The Responsible Cloud
©2010 Enterprise Management Associates, Inc. All Rights Reserved.
Page 1
IT MANAGEMENT RESEARCH,
INDUSTRY ANALYSIS AND CONSULTING
Introduction
Cloud computing is a new mega-trend in IT, and the latest in a series of new frontiers in IT. Like any new
frontier – be it the Wild West, the new territories, or previous technology innovations – there is a great
deal of interest, opinion, hype, and claim-jumping, but very little real knowledge or understanding.
And just like the early days of the Wild West, there are too many cowboys, and not enough sheriffs.
ENTERPRISE MANAGEMENT ASSOCIATES® (EMA™) analysts believe it is time to move past
opinion and theory, put aside simplistic and idealistic notions, and address the realities of cloud com-
puting with fact-based research. If cloud computing is to become real for responsible enterprises, then
it must be realistic, practical, and responsible.
If cloud computing is to become real for responsible enterprises,
then it must be realistic, practical, and responsible.
This report moves ahead of the curve to provide insight into “The Responsible Cloud” – a cloud
computing paradigm that is well-managed to provide secure, compliant, high quality business services.
Based on an EMA survey of respondents from mid- to large enterprises, this report looks at the key
drivers, outcomes, technologies, disciplines, and approaches to cloud computing that make up the
Responsible Cloud.
This research focuses on the real experiences of enterprises that have either an existing production
implementation, or immediate (12-month) plans to deploy one. It therefore provides a unique perspec-
tive based on data and insight provided by practitioners, managers, and executives with real, current
experience of cloud computing, specifically excluding the uninformed opinions and “management by
magazine” approaches that are prevalent in many current cloud computing discussions.
This EMA research report defines cloud computing, explains key drivers and benefits, looks at real-
world deployments, explains cloud management disciplines, and analyzes the fundamental realities of
the Responsible Cloud.
It also provides a prescriptive model for a realistic deployment of cloud computing that is efficient,
effective, and above all, responsible.
Defining Cloud Computing
Many definitions of cloud computing are available. Unfortunately, many (perhaps most) are self-serv-
ing, targeted by vendors, service providers, consultants, and other vested interests to advance their own
commercial agendas. Enterprises especially should be wary of these definitions.
Fortunately, there are independent organizations that are tasked with exactly this – such as the US
National Institute for Standards and Technology (NIST).
The US government and millions of people around the world trust NIST to define the official time for
all of the United States1, to calibrate instruments for NASA, and to supply industry, academia, govern-
ment, and other users with over 1100 reference materials2.
1 See http://time.gov
2 NIST Standard Reference Materials, http://ts.nist.gov/measurementservices/referencematerials/index.cfm
The Responsible Cloud
©2010 Enterprise Management Associates, Inc. All Rights Reserved.
Page 2
IT MANAGEMENT RESEARCH,
INDUSTRY ANALYSIS AND CONSULTING
The US government is using NIST to define cloud computing, as noted by US Federal CIO, Vivek
Kundra3. Indeed, Kundra has strongly indicated that the US government will be one of the strongest,
largest, and most important proponents, providers, and consumers of cloud computing (such as with
sites like apps.gov and data.gov). Other levels of government – and even other nations – will almost
certainly follow their lead, and the NIST definition of cloud computing.
NIST has a very elegant definition that is:
• Intelligent – it has been through (to date) 15 iterations, and has accepted input from many of the
brightest minds in cloud computing
• Independent – it is from a mature, well-established, and exceptionally talented US government
agency, which is both apolitical and science-based
• Commercially agnostic – it does not specify that anyone needs to be making money, nor does it
preclude it, allowing cloud to be B2B, B2C, B2G, G2C, or any other model
• Accommodating – all established cloud vendors fit into this definition, as well as private and
government models.
• Clear – it is not full of jargon or “cloudwash,” but rather has easily understood, plain English
concepts that are not only unambiguous but also usefully prescriptive
• Comprehensive – it includes all the important core concepts such as self-service, resource pooling,
rapid elasticity, accessibility, usage costing, multiple use cases, and more
• SMART – it does not try to create anything exceptional or outrageous, but does define a set of
Specific, Measurable, Achievable, Relevant, and Timely objectives
Given these antecedents, EMA believes that yet another new definition is neither helpful nor necessary,
and has therefore adopted the NIST definition of cloud computing as follows.
Core Definition of Cloud Computing
NIST defines cloud computing as4:
“a model for enabling convenient, on-demand network access to a shared pool of configurable
computing resources (e.g., networks, servers, storage, applications, and services) that can be
rapidly provisioned and released with minimal management effort or service provider interaction.”
Note that while this requires computing services must be accessible across a network, it does not neces-
sarily require that they be accessible across the public Internet. However, it does require resources be
pooled and reusable, rapidly reconfigurable, and accessible with little manual intervention from IT staff.
Essential Characteristics
NIST includes in its definition five essential characteristics:
“On-demand self-service: A consumer can unilaterally provision computing
capabilities, such as server time and network storage, as needed automatically
without requiring human interaction with each service’s provider.”
3 Kundra, V., The White House Blog, ‘Streaming at 1:00: In the Cloud’, http://www.whitehouse.gov/blog/streaming-at-100-in-the-
cloud/, retrieved 12/07/2009
4 NIST, Cloud Computing, http://csrc.nist.gov/groups/SNS/cloud-computing/ , retrieved 12/17/2009
The Responsible Cloud
©2010 Enterprise Management Associates, Inc. All Rights Reserved.
Page 3
IT MANAGEMENT RESEARCH,
INDUSTRY ANALYSIS AND CONSULTING
Note that this is really two characteristics – it must be on demand, and also self-service. Self-service
implies user-accessible resources and/or services, but does not necessarily mean immediacy. On-
demand, however, almost certainly requires near-immediate resource or service provisioning, and by
inference a reasonably sophisticated level of IT automation.
“Broad network access: Capabilities are available over the network and
accessed through standard mechanisms that promote use by heterogeneous
thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).”
As noted, cloud services must be networked, but again do not require Internet access. Access to those
services must be somehow standardized, but the standardization is left open to include, for example, a
Web services interface, a “standard” API/SDK, an HTTP interface, etc. The key here is not necessarily
the type of access, but that it is transportable across multiple platforms, including especially mobile
platforms.
“Resource pooling. The provider’s computing resources are pooled to serve multiple
consumers using a multi-tenant model, with different physical and virtual resources
dynamically assigned and reassigned according to consumer demand. There is a sense
of location independence in that the customer generally has no control or knowledge
over the exact location of the provided resources but may be able to specify location at
a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources
include storage, processing, memory, network bandwidth, and virtual machines.”
Here NIST gives a (non-exhaustive) list of examples that constitute a “resource” – “storage, pro-
cessing, memory, network bandwidth, and virtual machines.” Resources must be made available on-
demand, so it makes sense that resource pooling is a pre-requisite. It notes the inclusion of multi-tenant
computing, abstraction, and of both “virtual resources” and “virtual machines” – all of which imply
virtualization (especially application or server virtualization) is a necessary component. However, it
also allows for physical resources of some kind, as long as they can be assigned and reassigned at will
(a difficult task for physical server resources, but commonplace with fundamentally shared resources
such as bandwidth, memory, or storage).
This characteristic also states that services should have a sense of location independence – at least from
the perspective of the resource or service consumer – which is implied at least by network accessibility,
but notably does not mean actual location independence. As long as the consumer does not need to
know the location, that is sufficient.
“Rapid elasticity: Capabilities can be rapidly and elastically provisioned, in some
cases automatically, to quickly scale out and rapidly released to quickly scale
in. To the consumer, the capabilities available for provisioning often appear
to be unlimited and can be purchased in any quantity at any time.”
This is clearly a critical feature of cloud services, and in itself excludes many pseudo-clouds (such as
many hosting or co-location providers) that only provide simple fixed resource allocations, include
implicit or explicit resource limitations, or entail complex scale-out requirements and approvals.
The Responsible Cloud
©2010 Enterprise Management Associates, Inc. All Rights Reserved.
Page 4
IT MANAGEMENT RESEARCH,
INDUSTRY ANALYSIS AND CONSULTING
One word here is particularly important – “appear.” NIST does not say cloud computing is infinitely
scalable – just that it should “appear” that way. It is also important that this is not universal, but only
that it will “often” seem to provide perfect elasticity. NIST is recognizing the fact that any IT deploy-
ment has inherent limitations – such as hardware, floor space, or power availability – and these may
sometimes become apparent to the consumer, and may result in actual limits on resource pools.
“Measured Service: Cloud systems automatically control and optimize resource use by leveraging
a metering capability at some level of abstraction appropriate to the type of service (e.g., storage,
processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled,
and reported providing transparency for both the provider and consumer of the utilized service.”
It is important to note that measurement is an essential characteristic; however it does not have to be
specifically a cost measurement. CPU, bandwidth, storage, or really any other measurement still is an
acceptable qualification. In addition, the measurement is aimed at providing control and optimization,
but need not actually be applied to any specific mechanism, such as chargeback. External or internal
pay-per-use with chargeback capabilities clouds are just one model; internal enterprise cloud is another,
and may not assign the cost of measured services at all.
Service Models
NIST also defines three service models:
Cloud Software as a Service (SaaS)
“The capability provided to the consumer is to use the provider’s applications running
on a cloud infrastructure. The applications are accessible from various client devices
through a thin client interface such as a web browser (e.g., web-based email). The
consumer does not manage or control the underlying cloud infrastructure including
network, servers, operating systems, storage, or even individual application capabilities,
with the possible exception of limited user-specific application configuration settings.”
This is a typical model in use by many commercial Internet-based software providers and consumers
today – including available Web-based services for CRM, e-mail, office productivity, file storage, and
more – and arguably by a small selection of more sophisticated enterprise IT departments (those that
adhere to the essential characteristics above). Often this is very accessible, even directly by end users,
using a credit card, or even taking advantage of free services.
Cloud Platform as a Service (PaaS)
“The capability provided to the consumer is to deploy onto the cloud infrastructure
consumer-created or acquired applications created using programming languages and tools
supported by the provider. The consumer does not manage or control the underlying cloud
infrastructure including network, servers, operating systems, or storage, but has control over
the deployed applications and possibly application hosting environment configurations.”
This is a baseline environment that provides a platform for application development and/or execution.
It could include a specific or selectable Java Runtime Environment or Development Environment
(JRE/JDE), an Integrated Development Environment (IDE), a standard database, middleware, applica-
tion and/or Web server, etc., or whatever else is needed as a platform to develop or run applications.
The Responsible Cloud
©2010 Enterprise Management Associates, Inc. All Rights Reserved.
Page 5
IT MANAGEMENT RESEARCH,
INDUSTRY ANALYSIS AND CONSULTING
Cloud Infrastructure as a Service (IaaS)
“The capability provided to the consumer is to provision processing, storage, networks,
and other fundamental computing resources where the consumer is able to deploy
and run arbitrary software, which can include operating systems and applications.
The consumer does not manage or control the underlying cloud infrastructure but
has control over operating systems, storage, deployed applications, and possibly
limited control of select networking components (e.g., host firewalls).”
This is the lowest common denominator of cloud services, with a minimalist deployment consisting of
essentially just the (mostly virtual) server and low-end infrastructure services (e.g. storage & network
connections) upon which service consumers can layer custom or pre-built operating systems, Web
servers, applications, and other higher level services.
Deployment Models
NIST also defines four deployment models.
“Private cloud. The cloud infrastructure is operated solely for an organization. It may be
managed by the organization or a third party and may exist on premise or off premise.”
Note that this specifically includes an allowance for either on-premise cloud – run by an organization
within its own facility (such as a data center); or off-premise cloud, hosted in a third-party facility (such
as a co-location facility or hosting service).
“Community cloud. The cloud infrastructure is shared by several organizations and
supports a specific community that has shared concerns (e.g., mission, security
requirements, policy, and compliance considerations). It may be managed by the
organizations or a third party and may exist on premise or off premise.”
Again, this specifically allows for a community cloud that is on-premise or off-premise.
“Public cloud. The cloud infrastructure is made available to the general public or a
large industry group and is owned by an organization selling cloud services.”
A public cloud, however, cannot generally be on-premise, unless of course the premise is owned
by a cloud service provider (albeit this model could possibly include an enterprise reselling its own
spare capacity).
“Hybrid cloud. The cloud infrastructure is a composition of two or more clouds
(private, community, or public) that remain unique entities but are bound together
by standardized or proprietary technology that enables data and application
portability (e.g., cloud bursting for load-balancing between clouds).”
A combination approach is also valid, and indeed will likely to be the most popular form of cloud com-
puting, as shown in EMA data below. At very least, this is an essential transition state for organizations
with a significant existing IT deployment, and for many will likely remain a permanent state of cloud
computing. It is important that a hybrid cloud requires a standardized transport for portability of data
and applications, so isolated deployments are not necessarily a hybrid cloud. However, this transport
could be (and often is) as simple as an FTP or HTTP connection.
The Responsible Cloud
©2010 Enterprise Management Associates, Inc. All Rights Reserved.
Page 6
IT MANAGEMENT RESEARCH,
INDUSTRY ANALYSIS AND CONSULTING
Notes
NIST also includes 2 important qualifications to this definition:
“Note 1: cloud computing is still an evolving paradigm. Its definitions, use cases, underlying
technologies, issues, risks, and benefits will be refined in a spirited debate by the public and
private sectors. These definitions, attributes, and characteristics will evolve and change over time.
Note 2: The cloud computing industry represents a large ecosystem of many models, vendors,
and market niches. This definition attempts to encompass all of the various cloud approaches”
These notes are critical to the interpretation of this definition, and of cloud computing in general.
Cloud is still an early technology, with (to date) limited adoption. As with all early technologies, it will
be greatly shaped by the enterprises that use, provide, sell, leverage, and service it.
As such, it is important to beware of dogmatic interpretations of cloud computing that do not allow
for variation. If a deployment or model is missing just one of the essential characteristics, or has some
minor variation of deployment model, for example, this should not automatically disqualify an offering
or solution from being “cloud computing.”
The key is to be flexible, rather than focusing on definitions and semantics. Look at drivers and expec-
tations, at deployment models and use cases, at outcomes and barriers, in order to find the best way to
build a Responsible Cloud, and drive success, according to key business requirements.
Drivers and Expectations
EMA looked specifically at drivers and expectations for cloud computing. The results can be seen in
Figure 1 below.
Reduce IT operational costs
52%
Improve IT service quality
47%
Reduce IT capital costs
45%
Increase flexibility and agility
33%
Enable DR/BCP
28%
Reduce IT mgmt complexity
27%
Free up strategic resources
21%
Improve security/risk mgmt
20%
Add revenue reselling services
13%
Improve regulatory compliance
12%
Other (Please specify)
1%
0%
20%
40%
60%
% of Respondents
Figure 1 - Which are the most important drivers in your organization’s decision to
implement cloud computing? Select 3 most important drivers.
The Responsible Cloud
©2010 Enterprise Management Associates, Inc. All Rights Reserved.
Page 7
IT MANAGEMENT RESEARCH,
INDUSTRY ANALYSIS AND CONSULTING
It would appear that the key drivers for cloud computing are all about cost and service – in that order.
It is not surprising to see cost as a major driver – or in this case, two of the top three drivers. There is
also a major gap between the second major cost driver, and the next highest non-cost driver. It is, how-
ever, somewhat surprising that CapEx reduction is not the highest driver overall. The common wisdom
is that with cloud computing you do not need to pay upfront capital costs of IT equipment, but rather
simply lease the equipment as and when it is required, thereby deferring capital costs, and spreading
them over time as operational expenditure. However, clearly OpEx is a more substantial driver. This
leads to the possibility that it is really the automation, flexibility, and agility aspects of cloud comput-
ing that are driving its advance, more than the hardware resource pooling aspect. It is possibly related
to the dominant model – not a public, off-premise model where the CapEx is the service provider’s
problem, but a private hybrid or on-premise model where CapEx is still an issue for the enterprise.
Cost factors make up two of the top three drivers.
While cost factors make up two of the top three drivers, a measure of disappointment with current
levels of IT service makes up three of the top five – including a desire for better service levels, greater
flexibility, and better recoverability. Clearly many IT departments are still not providing the levels of
business service that is expected of them, nor are they providing it at a cost that is acceptable, and are
subsequently looking to cloud computing for solutions to these challenges.
While (to some extent) all IT initiatives are focused on similar drivers, this is starting to show a clear
pattern – the most important drivers for cloud combine the most important values of virtualization,
automation, service management.
• Just as with virtualization, flexibility and agility are key – in EMA research into virtualization5, these
were rated as “critical” or at least “somewhat important” by 96% of enterprises
• Just as with automation, reducing complexity is key – in EMA research into Data Center
Automation6, this was ranked as the highest of all drivers
• Just as with service management, improving IT service levels is key – in EMA research into
Service Management7, improving customer service was rated as the most important driver by
82% of enterprises
5 EMA Research Report, Virtualization and Management: Trends, Forecasts, and Recommendations,
http://www.enterprisemanagement.com/research/asset.php?id=721
6 EMA Research Report, Data Center Automation: Delivering Fast, Efficient, and Reliable IT Services,
http://www.enterprisemanagement.com/research/asset.php?id=613
7 EMA Research Report, The Aging Help Desk: Migrating to a Modern Service Desk,
http://www.enterprisemanagement.com/research/asset.php?id=1439
The Responsible Cloud
©2010 Enterprise Management Associates, Inc. All Rights Reserved.
Page 8
|
|
|
|