Can IT manage the cloud? These CTOs can

There are plenty of ways to adopt the cloud and not lose control of your datacenter

Brian Corrigan used to run datacenters for major casinos, so he knows not to gamble with mission-critical apps. Now, he works in the other gaming industry -- the one with joysticks and lots of shooting -- building communities for online gamers and collecting information about game usage for their publishers. As CTO at Agora Games, he needs to quickly ramp up and then cut his computing capabilities as new games come on the market, become all the rage, and eventually fade into so-so status. So it's little surprise that he's joined the growing ranks of companies buying computing, storage, and networking power as they need it from the cloud.

What is more surprising is that Corrigan and a number of other IT managers say that the use of virtualization and open source monitoring tools lets them do just as good a job, if not better, monitoring and managing virtual machines in the cloud as equipment in-house or in a collocation facility. That's especially true for those strapped for the time, money, or skills to analyze every last picosecond of application performance.


Cloud vendors tell IT: Trust but verify
Not all compute clouds are created equal, and whether cloud computing gives you enough visibility and control for datacenter adoption depends very much on what type of cloud computing you're buying.

Perhaps the most familiar cloud model is software as a service (SaaS), which lets customers use application software over the Web. Examples include, most notably, Salesforce.com in the CRM space and Google Apps for e-mail and calendaring. Here, the customer typically buys from the cloud specifically to get away from systems management chores and often trusts the vendor's performance dashboards and the absence of screaming from users to tell them the application is running.

A second cloud model, which usually requires and offers customers far more hands-on access, is infrastructure as a service, or utility computing. Here, the customer buys the ability to create, manage, and delete virtual servers, storage, and network resources in the cloud. Vendors include Amazon.com with its Elastic Compute Cloud (EC2) compute services and Simple Storage Service (S3). Additionally, different vendors sell backup, security, and other IT functions as a service from the cloud. Finally, there are Web-based development platforms such as Salesforce.com's Force.com and Microsoft's Azure.

As you would expect, SaaS vendors such as Salesforce.com say the trust SaaS customers put in their vendors is well placed. "Most companies don't know as much about their own systems' behavior as they can find out, from any Web browser, about the systems in the Salesforce.com cloud," says Ariel Kelman, senior director of platform product marketing for Salesforce.com.

But others -- such as those who hope to sell systems management software to cloud customers -- aren't so sure. Along with concerns about security, one of the first questions enterprise customers ask is, "How do I know I'm getting what I'm paying for?" says Stephen Elliot, vice president of strategy for the datacenter automation business unit at CA. After independent monitoring of their cloud services, many customers have "gone back and renegotiated contracts" after receiving lower than promised levels of service, says Ramin Sayar, senior director of products for business service management at Hewlett-Packard.

Many customers take comfort in the fact that highly publicized outages, such as those suffered by Google's e-mail service and by Amazon.com's EC2 and S3 offerings, are poison to a provider's image. Many are comfortable with the dashboards published by Salesforce.com and Amazon.com, which provide varying levels of detail about the health of their services. (Later this year, Amazon.com plans to provide more real-time updates on metrics such as customers' CPU and network utilization.) Finally, most cloud providers provide SLAs spelling out the performance they will deliver and penalties if they fail.

A tool chest to check on -- and manage -- your cloud providers
But you don't have to trust the vendors' reports to assess whether they deliver the service promised. IT pros can use anything from simple network-sniffing tools to open source monitoring software and enterprise-class management systems to see what they're getting from the Web. While not all integrate seamlessly with mainstream systems management tools running customers' internal operations, they are often good enough to get the job done.

IT can expect to use open source management tools, vendors' performance dashboards, and -- in some cases -- root access to servers. What you can't expect to get are universal interfaces between cloud and legacy management tools and -- in some cases -- neither administrative access to servers nor the ability to install management or security agents.

Customers who purchase infrastructure as a service, and who have the greatest management needs, should ideally use "the same agents, the same tools, the same configuration, and management tools" as in their own datacenters to simplify and standardize administration, says Joseph Tobolski, a partner at Accenture Technology Labs. While there isn't universal integration between such tools and the cloud service providers' APIs, he expects such integration "pretty soon" because of the need for "some sort of control of the cloud."

Consider how these IT pros check up on and manage their cloud services.

OmniPresence, which sells videoconferencing and teleconferencing equipment and services, uses the Zenoss family of management software to monitor the equipment and services it provides to customers. OmniPresence's director of technical services, Chris Sanford, says he can monitor services in the cloud as easily as those located in-house, using Zenoss to create data collectors that "sit out in the cloud" and send information about system performance and reliability to a monitoring dashboard.

For Agora Games, one critical requirement in choosing a cloud provider was having root-level access to the 60 to 70 virtual servers it runs at cloud provider Terremark Worldwide. "We're really heavy users of Ubuntu Linux," says CTO Brian Corrigan. "It's hard to take a Unix guy and tell him he can't have low-level access to the system. We really tweak the Unix system to get a lot of performance" to keep Agora's gaming customers happy.

Using Terremark's cloud computing environment, Corrigan says, he can just as easily manipulate his virtual servers as if they were in-house or at a collocation facility. He can build a test environment for a new game, easily clone it for production, and then remove it when the popularity of the game fades. He also says the virtualization makes it easier to enforce change management procedures and keep developers from posting code directly to the production environment by creating virtual network segments dedicated to testing. In addition, he says, he gets the use of higher-quality equipment than at many collocation facilities.

In addition to the console Terremark provides, Agora can use its own monitoring applications "to keep them honest," says Corrigan. "We did it a lot in the beginning, but there has never been any sort of problem, so we just sort of trust them," he says.

Pathwork Diagnostics uses Amazon.com's EC2 infrastructure to meet big spikes in demand for computing power whenever it acquires specimens of various types of tumors and must race competitors to create tests to detect those tumors. Pathwork only needs to monitor the virtual "compute units" it is using, as well as the amount of memory allocated to each, says Zoran Popovic, a senior software engineer. To do that, Popovic uses Unix open source tools for both jobs. His only gripe: One tool forces him to monitor each virtual machine separately, rather than all at once.

Dreambuilder Investments has built its key business applications on Salesforce.com's Force.com platform, and it relies on cloud services from other vendors for its backup, accounting software, and even PBX. The company has built a few simple tools to monitor the quality of its Web connections, but it usually relies on the CRM giant to keep its applications running and provide updates on their health.

Even if all a customer does is monitor the "heartbeat" of a cloud service, that can be enough, OmniPresence's Sanford says. Just a notification that Salesforce.com has gone down, even with no additional detail, "allows you to troubleshoot that problem, and maybe even get it resolved before anyone knows it's broken. It may not be Salesforce, but [instead] may be your own internal Internet router." At the very least, it keeps the IT guy from being blindsided publicly by the cloud.
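The heartbeat check Sanford describes, combined with the independent service-level verification mentioned earlier, can be sketched as follows. This is an added example, not code from the article or from any vendor named in it; the `Probe` fields, the three probe targets, the sample data, and the 99.9 percent SLA figure are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Probe:
    minute: int         # minute offset of the probe in the sample window
    service_ok: bool    # heartbeat to the cloud service answered
    reference_ok: bool  # heartbeat to an unrelated external site answered
    gateway_ok: bool    # the local Internet router answered

def classify(p: Probe) -> str:
    """Attribute a failed heartbeat to the nearest broken hop."""
    if p.service_ok:
        return "up"
    if not p.gateway_ok:
        return "local-gateway"   # our own router, not the provider
    if not p.reference_ok:
        return "upstream-link"   # our ISP path, still not the provider
    return "provider"            # everything else works: the service is down

def summarize(probes, sla_percent):
    counts = {"up": 0, "provider": 0, "upstream-link": 0, "local-gateway": 0}
    for p in probes:
        counts[classify(p)] += 1
    # Only probes taken while our own path was healthy say anything about
    # the provider, so local failures are excluded from the denominator.
    attributable = counts["up"] + counts["provider"]
    availability = 100.0 * counts["up"] / attributable if attributable else None
    met = availability is not None and availability >= sla_percent
    return {"counts": counts, "provider_availability": availability, "sla_met": met}

def build_sample():
    """Constructed data: 20 one-minute probes with three kinds of failure."""
    probes = []
    for m in range(20):
        if m in (5, 6):      # local router outage: nothing is reachable
            probes.append(Probe(m, False, False, False))
        elif m == 12:        # only the cloud service fails
            probes.append(Probe(m, False, True, True))
        elif m == 15:        # router is up, but no external site answers
            probes.append(Probe(m, False, False, True))
        else:
            probes.append(Probe(m, True, True, True))
    return probes

if __name__ == "__main__":
    print(summarize(build_sample(), sla_percent=99.9))  # 99.9 is a constructed SLA
```

Excluding the locally caused failures keeps the measured figure defensible when it is compared against the provider's SLA.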

Security: The cloud killer?
Data security is one of the biggest worries keeping enterprise apps out of the cloud. But it isn't a showstopper for small to medium-size firms, even those that rely completely on the cloud. For example, Agora could encrypt the data on each server but doesn't, because of the likely drag on performance. The fact he has root-level control of each server means "we can prevent anyone else from getting access to the data," says Corrigan.

And unlike at a collocation facility, whose administrators would need access to his servers in case they cause trouble for other customers, Agora's own admins are the only ones with the authority to touch his virtual servers. As for network security, says Corrigan, "We went from having a stack of physical servers with publicly accessible IP addresses to a slew of virtual machines with private IP addresses behind a software firewall. We can manage all of the firewall rules in one place, installing less restrictive generic rules on the actual VMs."

At Pathwork, Popovic encrypts data to and from Amazon.com using the SSL protocol, decrypting it for analysis while in the EC2 cloud. "There is always a risk when you release your data out of your private network," he says, "but we think the risk is manageable."

Enforcing proper access control to applications and services is just as critical for apps in the cloud as in-house and should be part of any customer's security policies regardless of where they host their IT infrastructure.

Amazon.com uses firewalls to ensure "everybody's computing instances are completely walled off from everybody else's information," says Adam Selipsky, vice president of product management and developer relations for Amazon Web Services. Each instance is preconfigured for maximum security with all unnecessary ports turned off, he says.

Rather than dissect Salesforce.com's security policies, Dreambuilder CTO Jonathan Snyder trusts that "the many very large customers who rely on Salesforce the same way I do" keep the pressure on Salesforce.com to protect their data -- and, by extension, his data. "I'm going along for the ride," he jokes.

The risk ratio may work in your favor
Of course, moving to the cloud is not a panacea. IT and business managers first need to do the hard work of thinking through what applications or services make sense to move to the cloud, rather than just follow the siren song of low price. Then they need to evaluate what levels of monitoring and management make sense for their skill set, the criticality of the application, and most of all, their business needs.

But for the right applications under the right business conditions, managing and monitoring IT in the cloud is not only doable but easier than in a brick-and-mortar, in-house datacenter.
