13th October 2010

Robin MeehanChief Technology Officer

Harvesting the Potential of Cloud ComputingReadying your Enterprise Architecture…

2Harvesting the Potential of Cloud Computing | 13 September 2010

OK – there’s a lot of hype…but it’s not a fad

….let’s get real about this…

How is your Enterprise Architecture affected?

• What do we need to think about in a new way?• What do you have to do differently?• …and what has stayed the same?

Introduction

3Harvesting the Potential of Cloud Computing | 13 September 2010

• It’s just another tool in the architect's tool bag really – in crude terms…− Another application delivery mechanism− Another application development approach− Another hosting option

Enterprise Architecture

Impacts on your architecture team

• Experience – architecture teams are resistant/risk averse

“it doesn’t apply to us”

− Yes it does – even local government/ military have suitable scenarios, so I’m sure you do

− Have an EA position on it, even if it is…• "cloud doesn't apply to us because we don't

like saving money”?• Update your strategy and roadmaps

4Harvesting the Potential of Cloud Computing | 13 September 2010

• Organisational impacts− Cost savings are real in a peaky model

• e.g. circa 50% cost saving in non risk-averse retail model

− Constraints on the organisation are removed• e.g. risk modelling in the financial sector was constrained by cost/tin

• Cultural changes− Distributed transactions are a less prominent consideration− Internet-levels of user expectations - Hit F5 to have another go!− Analogous to consumer behaviour on the Internet

• The “have a go/post your life online” gen Y behaviour as opposed to the cautious pre-gen Y behaviour

Business Architecture

5Harvesting the Potential of Cloud Computing | 13 September 2010

• #1 on most people’s lists…and yet…

• Many of our enterprise level customers have already adopted SaaSe.g.:− Aviva using WorkDay - http://www.workday.com/resources/videos/aviva.php− O2 using Salesforce.com – see http://www.salesforce.com/uk/customers/communications-

media/o2.jsp

• …what could be more critical than putting customer and staff data “in the cloud”?

Information Security

6Harvesting the Potential of Cloud Computing | 13 September 2010

• Your Information Security guys should already manage your own internal data classification, ownership, and governance scheme

• What can go “in the cloud”?• Do you need further subdivision of the levels now for a cloud world?

• If you did an internal data security review – would you be embarrassed today?E.g.− Authentication of callers of internal service calls? − Network carrying data (password etc) in the clear today?

Information Security (cont)

Public

Sensitive

PrivateConfidential

7Harvesting the Potential of Cloud Computing | 13 September 2010

• There’s new attacks and risks to considerE.g.− Different levels of multi-tenancy give different levels of risk− New styles of DoS attacks, exploiting the newly-exposed APIs− “Stock” VM image corruption

• Takeaway− If you want to exploit it, Cloud forces you to revisit your principles and get your act

together…same as for PCI DSS in some ways− Architecture principles evolve over time – that is appropriate. Reassess your policies.− Are they being ignored today?

• Are you “getting away with it”?• Instead of setting the bar at a high level and never reaching it…

…set it at a reasonable level and always meet it

Information Security (cont)

8Harvesting the Potential of Cloud Computing | 13 September 2010

• Database layer− Highly performant databases don’t map to VMs very well, and therefore the cloud− NoSQL movement is a reaction to this− Oracle RAC not supported in AWS− Data encryption at rest – more than “traditional”

• Network layer− Encryption in transit – more than “traditional”

• Dynamic horizontal scaling− This used to be infrequent, now it can be by the minute/hour − New IP addresses added/removed on the fly− Firewalls need to be dynamically configured to allow traffic through from the right IP addresses –

much greater degree of automation required− Licensing implications

• Not an accident that the big cloud providers use open source…

Application Architecture

Modified patterns for application architecture hosted on IaaS are required

9Harvesting the Potential of Cloud Computing | 13 September 2010

• Getting organised to do this stuff – IaaS− Get the Operational guys involved – and they will love you for it− Sexy new tech to play with, and ease of use− E.g. Puppet vs individual AMIs approach – think about patch management

for example− Standardise− …then rationalise and consolidate− Automated provisioning/supportability

• Manageability will become a key driver• Lots of VMs to manage, IaaS makes this no easier than for physical servers

• Billing− “Design to tools” mentality required – if you want the economies of scale/price− Engage with your procurement team− Starting small? – it’s plastic, not POs

Operational architecture

Get ready…

10Harvesting the Potential of Cloud Computing | 13 September 2010

Operational architecture (cont)

Be aware of the SLAs…or lack of them

11Harvesting the Potential of Cloud Computing | 13 September 2010

• Governance will be key due to the rise of “self-provisioning”− Both in how it is defined, and how it is executed

• A hybrid cloud model for your enterprise architecture is the reality

• Cloud Integration is the next big challenge/timebomb− The creation of 21st century silos− Partly due to “foot in the door” sales techniques of SaaS vendors

What does the future hold?

Future Enterprise Architecture realities…

12Harvesting the Potential of Cloud Computing | 13 September 2010

• There’s been a lot of hype• But there was with the Internet boom also – winners/losers, but it was still

transformational

• Key takeaways− Doing nothing is not an option - because your market peers will− If you haven’t got one, define a cloud adoption strategy

• Revise any enterprise architecture “assets” in readiness• Ensure your architecture governance framework is up to the job• Identify the appropriate scenarios for your organisation• Create a plan to exploit the opportunities• Get started on a low-criticality pilot

Summary

Your organisation must evolve to exploit a disruptive technology

Copyright © 2010, Smart421. All rights reserved.A copy of this presentation is available on request

Robin Meehan, Chief Technology Officerrmeehan@smart421.comhttp://smart421.wordpress.com/category/cloud-computing/

www.smart421.comFor more information, please visit our website