Friday, January 14, 2011

Picking a Lane in Cloud Computing

Because cloud computing is big and varied, there are lots of ways to apply it—which requires you to ultimately make some important decisions. In this post we’ll explore what some of those decisions are, first with cloud computing generally, then specifically with the Windows Azure platform. This is an excerpt from my upcoming book, The Azure Handbook.

Choice is good, right? Yes and no: it’s good to have options but it also raises the specter that a wrong choice will take you to some place you don’t want to go. You might even be unaware that you have a choice in some area or that a decision needs to be made. While there’s some value in experimenting, you eventually need to make some rather binding decisions. Failure to get those decisions right early on could cost you wasted time, effort, and expense.

SaaS, IaaS or PaaS?
The first choice to make is the one that’s most talked about (talked about to death, perhaps): whether you’re going to run Software-as-a-Service, Platform-as-a-Service, or Infrastructure-as-a-Service. What’s at issue here is the level at which you use cloud computing.

SaaS: Someone else’s software in the cloud. If you’re simply going to use someone else’s cloud-hosted application (such as Microsoft Exchange hosted in the cloud), decision made: you’ll be using SaaS. If that’s you, read no further. The rest of this article is for those who want to run their own software applications in the cloud (to be sure, your SaaS software provider is using IaaS or PaaS themselves, but that’s their worry, not yours).

PaaS: Your Cloud Applications. This means running applications in the cloud that conform to your cloud provider’s platform model. In other words, they do things the cloud’s way (which often differs from the way things are done in the enterprise). There are many benefits to running at this level, among them superb scale, availability, elasticity, and management. There’s a spectrum here that ranges from minimal conformance all the way to applications designed from the ground up to strongly leverage the cloud.

IaaS: Traditional Applications in the Cloud. This means running traditional applications in the cloud. Not all applications can run in the cloud, and you’re not leveraging the cloud very strongly by running at this level. If your application and data aren’t protected with redundancy there are some real dangers you could lose availability or data (in PaaS, the platform has these protections built into its services). IaaS appeals to some people because it’s more similar to traditional hosting and thus somewhat more familiar, or because they prefer to take control themselves.

Not sure which way to go? For running your own applications in the cloud, PaaS is the best choice for nearly everybody.

Public, Private, or Hybrid Cloud?
Public Cloud: Full Cloud Computing. Cloud computing in its fullest sense is provided by large technology providers such as Amazon, Google, and Microsoft who have both the infrastructure and the experience to support large communities well with dynamic scale and high reliability. We call this “public cloud”. When you use public cloud, you get the most benefits: no up-front costs, consumption-based pricing, capacity on tap, high availability, elasticity, and no requirement to make commitments.

Private Cloud: Under Your Control. And then there’s private cloud, not quite as firmly defined yet but very much on everyone's mind. Ever since cloud computing became a category there’s been ongoing demand in the market for “private clouds”. There’s more than one interpretation of just what this means or how it can be delivered; the general idea is to benefit from the cloud computing way of doing things but with a strong degree of privacy and direct control as compared to public clouds, where you are in a shared environment. Here are some of the ways private cloud is interpreted:

1) Hardware private cloud: a local cloud computing hardware appliance for your data center.
2) Software private cloud: a software emulation you run locally.
3) Dedicated private cloud: leasing a dedicated area of a cloud computing data center not shared with other tenants.
4) Network private cloud: ability to exercise network control over assets in the cloud such as joining them to your domain and making them subject to your policies. This last idea more properly belongs in our next category, Hybrid Cloud.

Hybrid Cloud. If you’re making use of public cloud, it often makes sense to connect your cloud and on-premise assets. Using VPN technology some cloud platforms allow you to link your virtual machines running in the cloud with local on-premise machines. You might do this for example if you had a cloud-hosted web site that needed to talk to an on-premise database server. If you want to be on more intimate terms, your cloud assets can become members of your domain.

In the Windows Azure platform, all 3 forms of cloud are available: public cloud, hardware private cloud, and hybrid cloud.

Not sure what you need? Public cloud is the best starting point for most organizations, since it doesn’t commit you to anything. Whether and when you look into private cloud or hybrid cloud is something best decided once you’ve tested the public cloud waters.

Which Cloud Computing Platform to use?
If you’ve decided to go with PaaS or IaaS, you need to choose a vendor and platform. The big players are Amazon, Microsoft, and Google.

Amazon Web Services offers an extensive set of cloud services. I think of them as mostly focused on IaaS but they also provide a growing set of PaaS services.

Microsoft’s Windows Azure Platform also offers an extensive set of cloud services. Windows Azure is very focused on PaaS but also offers some IaaS capability. One distinguishing feature of Windows Azure is the symmetry Microsoft offers between its enterprise technology stack and its cloud services.

Google provides some interesting cloud services such as AppEngine that are very automatic in how they scale, but they limit you to a smaller set of languages and application scenarios.

Here’s a comparison I recently put together on the services offered by these vendors. Keep in mind, the platforms advance rapidly and I’m only an authority on Windows Azure; so you should definitely research this decision carefully and make sure you’re using up-to-date information.

Not sure where to go? Figure out what's important to you and compare. I have my favorite, and it's Windows Azure.

Services: Hosted Compute vs. Consuming Services
Even after selecting a cloud computing platform and provider you have plenty of decisions left to make! Cloud computing providers provide oodles of services such as those listed in the previous section. Which ones will you use and for what purpose? Not everyone uses the cloud in the same way. Some organizations run public web sites, customer applications, or internal departmental applications in the cloud. Some use the cloud for data archiving, backup, or disaster recovery. Some use the cloud for overflow to back up their primary data center. Some use the cloud to federate security or communication across multiple organizations. Some start-ups and newer companies put all their IT in the cloud.

We can divide the services you might use from a cloud computing provider into 2 big categories: Hosted Compute and Everything Else.

Consuming Services: Using the Cloud from a Distance. Most cloud services are consumed: that is, your programs (wherever they reside) access them by making Internet calls. Cloud services for storage, database, security, and communication work this way. Since just about any platform can issue web calls, you’re free to make use of cloud services from any operating system and any category of software application (including desktop and mobile applications).

Hosted Compute: Running your Application in the Cloud. Then there’s Hosted Compute, where your software actually runs within the cloud computing data center. That’s different, because you live there and have to conform to the requirements of the environment.

It’s not that you have to pick one category over the other: most likely you’ll be using a combination of services. However, be aware that with Hosted Compute you’re using cloud computing at a much more intimate level and it puts more constraints on the design of your application.

Design to Minimize or Maximize Use of the Cloud?
You have some choice about how strongly your applications are designed for the cloud platform. There are various reasons why you might favor doing as little as possible or as much as possible in this area.

Driver: Expense. If you are migrating an existing application to the cloud and are sensitive to development costs you might choose to change as little as possible. You can change your application just enough to achieve minimal conformance to the cloud platform.

Driver: Portability. If you have concerns about being locked into a platform, you might choose to stress portability and write your software in such a way that it can run in the enterprise or in the cloud. This means limiting yourself to the “common ground” features that are the same between the enterprise and the cloud.

Driver: Feature Need. There may be a specific feature in the cloud that you need and can’t find elsewhere, such as a federated security service. In this scenario you might change your application design to accommodate this one feature need.

Driver: Commitment. You may have committed to cloud computing as a style of computing you want to embrace for strategic or cultural reasons. Here you will want to do everything the cloud way, including designing your applications to strongly leverage cloud services.

Identity: Internet, Domain, or Custom?
When your applications run in the enterprise, the default identity model may be obvious such as securing employee applications to your domain. When you put an application in the cloud, you have to decide which security model you want to use for identity. You have many choices in identity these days.

Internet Identities. Many people today have one or more Internet identities such as Facebook, Google, Yahoo, Windows Live, or OpenID.

Domain Identities. Even if your application is in the cloud you can still secure it to your domain. There are multiple approaches for this. One is to establish a hybrid cloud virtual network connection to your domain controller. Another is putting a federated identity server such as ADFS in your enterprise’s DMZ, so that the cloud application trusts tokens issued by it and never needs to reach the domain controller itself.

Custom Identities. You could maintain a custom membership database. However, consider that by supporting an existing identity scheme you eliminate the need for someone to create and remember yet another identity for your application.

Federated Identity. Federated identity allows you to support multiple identities simultaneously and to add new ones over time. Windows Azure provides the AppFabric Access Control Service for federated identity. Your program only needs to talk security one way and the service takes care of communicating with multiple identity providers.

The best way to handle security today is to use claims-based security and to decouple security implementation from your code. In the Windows Azure platform, technologies used in this area include Windows Identity Foundation, ADFS, and the Access Control Service.
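Validating a federation token in a relying party, as an added example that is not part of the original post and not code from ACS or Windows Identity Foundation. It assumes a token in the Simple Web Token (SWT) format, one of the formats ACS issued at the time: a form-encoded string carrying Issuer, Audience, ExpiresOn and the application's claims, followed by an HMACSHA256 parameter computed over everything before it with a symmetric key the relying party shares with the service. The key, issuer namespace and audience URL below are constructed for the example, and issue_token exists only to produce test input.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode

# Constructed values for the example. ACS handed relying parties a 256-bit
# symmetric key, base64-encoded; this one is a fixed dummy, not a real key.
SIGNING_KEY_B64 = base64.b64encode(b"relying-party-shared-secret-32by").decode()
TRUSTED_ISSUER = "https://contoso.accesscontrol.windows.net/"   # hypothetical namespace
EXPECTED_AUDIENCE = "https://app.contoso.example/"               # this application


def _hmac_b64(key_b64, data):
    key = base64.b64decode(key_b64)
    mac = hmac.new(key, data.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def issue_token(claims, issuer=TRUSTED_ISSUER, audience=EXPECTED_AUDIENCE,
                lifetime=600, key_b64=SIGNING_KEY_B64, now=None):
    """Mint an SWT the way the federation service would. Only here to
    produce input for validate_token; a relying party never signs tokens."""
    now = int(time.time()) if now is None else now
    params = [("Issuer", issuer), ("Audience", audience),
              ("ExpiresOn", str(now + lifetime))] + sorted(claims.items())
    body = urlencode(params)
    # The HMAC covers the token up to, not including, "&HMACSHA256=".
    return body + "&" + urlencode({"HMACSHA256": _hmac_b64(key_b64, body)})


class TokenError(Exception):
    """Raised for any token the relying party must not accept."""


def validate_token(token, key_b64=SIGNING_KEY_B64, issuer=TRUSTED_ISSUER,
                   audience=EXPECTED_AUDIENCE, now=None):
    """Validate an SWT and return its application claims, or raise TokenError.

    Signature first, so nothing in the token is trusted before its origin is;
    then issuer, audience and expiry, none of which a valid signature alone
    establishes."""
    head, sep, tail = token.rpartition("&HMACSHA256=")
    if not sep:
        raise TokenError("missing signature")
    if "&" in tail:
        raise TokenError("unexpected data after signature")
    presented = dict(parse_qsl("HMACSHA256=" + tail, keep_blank_values=True))["HMACSHA256"]
    if not hmac.compare_digest(presented, _hmac_b64(key_b64, head)):
        raise TokenError("bad signature")

    pairs = parse_qsl(head, keep_blank_values=True)
    names = [name for name, _ in pairs]
    if len(names) != len(set(names)):
        raise TokenError("duplicate claim names")   # no parameter-pollution games
    claims = dict(pairs)

    if claims.get("Issuer") != issuer:
        raise TokenError("untrusted issuer")
    if claims.get("Audience") != audience:
        raise TokenError("token not meant for this application")
    try:
        expires = int(claims.get("ExpiresOn", ""))
    except ValueError:
        raise TokenError("malformed ExpiresOn") from None
    now = int(time.time()) if now is None else now
    if expires <= now:
        raise TokenError("token expired")
    return {k: v for k, v in claims.items() if k not in ("Issuer", "Audience", "ExpiresOn")}


def check_token(token, **kwargs):
    """Wrapper returning (claims, None) on success or (None, reason)."""
    try:
        return validate_token(token, **kwargs), None
    except TokenError as err:
        return None, str(err)


if __name__ == "__main__":
    sample = issue_token({"emailaddress": "alice@contoso.example", "role": "admin"})
    print(sample)
    print(check_token(sample))
```

This is what "talking security one way" looks like: the application checks one token format from one trusted issuer and never learns whether the user came from Facebook, Google or ADFS. The audience check is the one people forget; without it a token minted for some other relying party on the same service validates here too. Because the key is symmetric, anyone holding it can mint tokens, so guard it as you would a storage account key.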

Data Storage: Relational or Cheap?
In the enterprise, the king of storage is the relational database, augmented by other types of storage such as queues and file servers. In the cloud, you also have these facilities but the dynamics and costs are such that you may want to change out the equation. For example, in the Windows Azure Platform relational database capability is 66 times more expensive than basic table storage. If your data needs are not sophisticated, table storage may make sense.

Relational Database. A cloud-based relational database is going to give you the rich features you are used to having, which will make development or migration easier. But you may have size or scalability limits or it may be more expensive than other options.

Table Storage. Some cloud platforms offer cheap, big table storage at a fraction of the cost of a relational database and without its limits. In exchange for the lessened cost developers must do a lot more work themselves and live without advanced features like stored procedures, SQL, joins and user security. Not all developers are cut out for this.

Not sure where to go? Come up with a simple data task and have it implemented both ways, then compare notes.

Master Data Management: Here or There?
Great, you’ve got your application and data running in the cloud—but where is the master system of record for your data, in the cloud or back in the enterprise?

Master Data in the Cloud. If your data’s master copy will be in the cloud, you need to ensure you are using a trustworthy means of storage that will protect your data. For example, in Windows Azure there is the Windows Azure Storage Service and the SQL Azure Database service, both of which protect your data through replication. Keep in mind what that redundancy covers: it guards against hardware and data center failures, not against a bug or an operator that deletes the data, or a leaked storage key, so a separate backup is still your job.

Master Data on Premise. If the master copy of data is on-premise, you need to think about how your cloud applications get to it: do they access it directly (through a web service or VPN connection) or do they have their own copy of the data in the cloud? If the latter, then some sort of synchronization is going to be necessary, either ongoing or periodic. Your cloud platform may provide synchronization services or you may need to adapt or create tools, scripts, or programs for this purpose.

Service Access: REST or Platform Libraries?
Now you’re consuming cloud services, which most often expose a REST interface over HTTP; this means your applications issue web requests to use the service. In addition to the usual development platform choices you have about language and tools, your platform may let you choose between REST web calls vs. using a provided library. For example, in Windows Azure Storage you can access the service with REST directly or through a .NET storage library.

REST Interface. Using REST is very popular today, and has the benefit that just about any operating system and development platform can be used since the only requirement is the ability to make web calls. However, REST also requires you to work at the web I/O level, where you need to implement creating web requests, encoding data, signing each request with your account key (Windows Azure Storage authenticates REST calls with an HMAC over the request’s headers and resource path; transport encryption is the job of HTTPS, not your code), interpreting web responses, handling errors and performing retries. It can be quite a bit of work.

Platform Library. A platform library in contrast is easy to work with, and if one is available for your favorite development environment and language (such as C#/.NET and Visual Studio, or Java and Eclipse) you may find a radical improvement in productivity using this approach. It may provide built-in error handling and retry logic. However, this approach does limit you to a particular platform and you are trusting the library (usually a wrapper around a native REST interface) that you may not have source code to.

Here’s an example of the difference. A call to Windows Azure Storage service to store data looks like this, and you can use REST or a .NET library to generate it.


Request Headers:
x-ms-version: 2010-09-19
x-ms-date: Sun, 02 Jan 2011 22:00:35 GMT
Content-Type: text/plain; charset=UTF-8
x-ms-blob-type: BlockBlob
x-ms-meta-m1: v1
x-ms-meta-m2: v2
Authorization: SharedKey myaccount:4rvSHg2S6LhRuGn713bqFXRM3E08QDGbPWOhOdWO2V+DoLhbmvc2rSwIO/wwMqzxlZUh0C+Wwy0LoDj1da4wQB==
Content-Length: 13

Request Body:
Hello, Cloud!

If you used your own code to generate this REST request in C#, it would look something like this (not shown: additional code to sign and send the request):

// Create or update a blob.
// Return true on success, false if the service answers 409 Conflict, throw exception on any other error.
// Requires System.Net and System.Collections. CreateRESTRequest (not shown) builds, signs and returns the HttpWebRequest.

public bool PutBlob(string container, string blob, string content)
{
    try
    {
        SortedList headers = new SortedList();
        headers.Add("x-ms-blob-type", "BlockBlob");

        using (HttpWebResponse response = CreateRESTRequest("PUT", container + "/" + blob, content, headers)
            .GetResponse() as HttpWebResponse)
        {
            return true;
        }
    }
    catch (WebException ex)
    {
        // 409 Conflict from the service: report failure rather than throwing.
        if (ex.Status == WebExceptionStatus.ProtocolError &&
            ex.Response != null &&
            (int)(ex.Response as HttpWebResponse).StatusCode == 409)
        {
            return false;
        }
        throw;
    }
}


For comparison, here’s how this is done using the .NET StorageClient library, also using C# code:

// Put (create or update) a blob.
// Return true on success, false if the container is not found (404), throw exception on any other error.
// Requires Microsoft.WindowsAzure.StorageClient; BlobClient is a CloudBlobClient built from the account credentials (not shown).

public bool PutBlob(string containerName, string blobName, string content)
{
    try
    {
        CloudBlobContainer container = BlobClient.GetContainerReference(containerName);
        CloudBlob blob = container.GetBlobReference(blobName);
        blob.UploadText(content);   // the library builds, signs and sends the PUT, with retries
        return true;
    }
    catch (StorageClientException ex)
    {
        if ((int)ex.StatusCode == 404)
        {
            return false;
        }
        throw;
    }
}


Not sure which way to go? Your developers likely have strong opinions--or will after a little bit of experimentation.

Closing Thoughts
Well, there you have it. These are some of the decisions you’ll need to make on your journey into cloud computing. For some of these decisions the right way to go for your organization may be obvious. When it isn’t, do some experimentation and read up on the experiences of others.

A good way to be sure you’re making the right decisions is to get help from a knowledgeable consulting company who knows what to look for and the right questions to ask. At Neudesic we’ve teamed up with Microsoft to provide free cloud computing assessments. And of course this is yet another decision.☺

1 comment:

us vpn said...

Thank you for this article which helped me decide what type of cloud to get.