The adoption curve for cloud
computing is on the rise for today’s organizations. However, a majority of enterprises
still consider it to be more hype than reality, thereby failing to realize the
benefits of disruptive innovation. There is a growing realization however that
on-premise computing has its own limitations. For many next generation
applications the elastic and affordable power of the Cloud actually becomes a
necessity. A few top ten prevalent jokes about cloud computing:
“Cloud computing should be named Cloudy computing, because it's
precipitous, vague, messy, hazy and unpredictable.”
“If your hot computing Cloud
bumps into a cold computing Cloud,
you get Lightning computing,
followed by stormy computing and network outages”
Jokes apart: is it about time we
started to govern the cloud? If so should this be limited to the technology or
should it focus on the operating model in order to make it more secure?
These are the some of the important questions that organizations are
asking today when adopting disruptive innovation in order to maximize “as a
service” transformation enabling better reach and integration with customers,
partners and suppliers.
In order to ascertain the
intricacies of Cloud it is important to understand the relationship between Service
Oriented Architectures (SOA) and Cloud, not only at an architectural level, but
also at a business solution and service level. SOA as defined by The Open Group
(A vendor neutral, technology neutral global consortium with membership of 400
plus organizations enabling the achievement of business objectives through IT
standards ) to be “an architectural style
that supports service orientation.
Service orientation is a way of
thinking in terms of services and service-based development and the outcomes of
services.”
According to NIST, “Cloud Computing is a model for enabling
ubiquitous, convenient, on-demand network access to a
shared pool of configurable computing resources (e.g., networks, servers,
storage, applications, and services) that can be rapidly provisioned and
released with minimal management effort or service provider interaction. This cloud model promotes availability and is
composed of five essential characteristics,
three service models, and four deployment models.” The Service models are Cloud
Infrastructure as a Service, Cloud Platform as a Service, and Cloud Software as
a Service. The service models, and the
fact that cloud computing is discussed in terms of the creation, delivery and
consumption of cloud services, means cloud computing supports service
orientation. Enterprises expose infrastructure, platforms and software as
services as part of SOA solutions today. Certainly Software as a Service is not
new and has been a hot topic for years.
Cloud
deployment models typically are Private, Community, Public, and Hybrid. These
deployment models define the scope of the cloud architecture and solution, does
the cloud solution exist strictly within the organization boundaries (private),
across organization boundaries (public), or a combination (Hybrid). Certainly
these scopes have been seen in SOA solutions before Cloud (while there was not
a well known architectural model for them as there is in cloud computing),
there are SOA solutions that exist strictly within an enterprise, or between
businesses across enterprise boundaries (B2B). In fact one of the key values of
SOA was to develop SOA solutions with services that are integrate between
business partners, enabling outsourcing, simplifying integration and increasing
agility, much like the Hybrid model. Cloud computing enables this paradigm by
adding cloud-characteristics to the services being delivered & consumed.
The
essential characteristics for Cloud Computing are on-demand self-service, broad
network access, resource pooling, rapid elasticity, and measured Service. These
characteristics can be found in requirements and SOA solutions in various
organizations today, although these characteristics are optional for SOA and
mandatory for cloud.
They say “when it rains it pours”. The primary concerns around Cloud computing include:
·
Business Buy-In
o Business process and Application
portfolio and transformation?
o Is the executive team
sponsoring the initiative?
o What is the ROI and
TCO?
o What are the business
priorities?
·
Security and
Compliance :
o Where is the data?
o Who can see the data?
o Who has seen the
data?
o Is data been tampered
with?
·
SLA
o Where is processing
performed?
o What about the
functional and non-functional SLA?
o Do regular backups
happen?
o How is accountability
maintained?
·
Interoperability
o Where are the
critical integrations in a business process?
o What about standards
(internal to the org OR adopted from the industry)?
o Which platform to be
used?
o What about service
metrics?
Cloud Computing
Governance paves a way to address these concerns. Cloud Computing governance is a view of IT Governance focused on
accountability, defining decision rights and balancing benefit or value, risk
and resources in an environment embracing cloud computing. Cloud Computing Governance creates business
driven policies and principles that establish the appropriate degree of
investments and control around the usage of cloud computing services.
This ensures all enterprise expenditures related to Cloud
are aligned with the business objectives, promotes data integrity across the
enterprise, encourages innovation, and mitigates the risk of data loss or
non-compliance with regulations. It
recognizes that cloud computing increases the pervasive nature of IT and
ensures enterprise-level decision makers are able to address the overall IT investment,
resource requirements, opportunities for value, and implications of risk –
regardless of organization or delivery provider.
What is new about cloud is that instead of supporting interoperability
requirements per solution, the industry is trying to ‘standardize’ how these
requirements are being met to enable cloud computing. Cloud architectures
require a set of capabilities and architecture building blocks to meet the NIST
essential characteristics that are optional in SOA. In addition, these architectural
building blocks may be implemented in Cloud specific ways to handle scale, cost
optimization and automation.
Cloud
governance should focus on the following key characteristics (a) transparency
(b) physical security (c) Logical security (d) Data Integrity in relation to the on / off premise
deployment models (private, public, hybrid) .
Let’s
now consider services… A service is typically defined as:
- Is a logical representation of a
repeatable business activity that has a specified outcome (e.g., check
customer credit; provide weather data, consolidate drilling reports)
- Is self-contained
- May be composed of other services
- Is a “black box” to consumers of the
service “
Cloud services(i.e. public/private cloud IaaS, PaaS and BPaaS) , according to this definition, are similar to
SOA services. However, not all SOA
services are Cloud service because they require automated deployment and
management as well as offering support in order to support the Cloud
characteristics.
It
is essential that the architecture design authority / review board emphasizes
the creation and maintenance of Cloud reference architectures on the enterprise
continuum. Cloud reference architectures
are more interoperable than domain architecture scoped to service delivery and
management. It helps when principles and architectural decisions have been
premade already to enable the Cloud computing architecture to be self service,
network accessible, and scalable.
Cloud
governance will enable architectural building blocks that have already been
identified for Cloud solution architects to use for operational and business
support. This also enables flexibility to use off the shelf cloud service
providers who provide well defined, maybe even standardized, management and
security support as a service.
For
cloud governance to work, some service identification has to be done in advance
(reusable, utility services, for example, to control VMs and deploy/undeploy
applications or services) and implementations of services may be available from
an existing services ecosystem. The existence of this services ecosystem and
concrete architecture makes services via cloud simpler for service
consumers to adopt because the designs and implementations have been
provided.
The benefit of recognizing the heritage of Cloud governance
as an extension from SOA governance is that the existing experience over the
last 5 to 8 years and standards already available for SOA and SOA solutions can
be applied to Cloud Computing and Cloud solutions.
Some of the SOA standards that can be applied to Cloud
include:
- SOA Integration Maturity
Model – this model helps determine the level of service use in an
organization, these levels apply to the use of cloud services. Cloud computing can be seen as the
‘Virtualized” and “Dynamically reconfigurable” levels.
- SOA Ontology defines
service and SOA concepts which can be used as a basis for describing cloud
services, though extension Ontologies should be developed for cloud..
- The SOA Reference
Architecture defines the functional and cross cutting concerns and architecture
building blocks for SOA, which also applies to Cloud.
- The SOA Governance
Framework defines a governance reference model and method that applies to
the development of cloud services and solution portfolio and lifecycle
management. Best practices for governance of Cloud solutions will need to
be developed in addition to this standard.
- Security for Cloud and SOA
go hand in hand to enable both physical and logical security
considerations for services.
Certain functions that may have been optional for SOA
solutions are now mandatory for Cloud solutions, like virtualization, security
across business boundaries, and service management automation. New functions and requirements are getting in
focus with cloud driving experiences from the SOA world to the next level. The functional concerns: operational systems,
service components, services, business processes and consumer interfaces; all
exist in and are relevant to functional concerns for cloud architectures.
In summary, Cloud reference architectures that focus on the
following enable enhanced fit for purpose governance addressing some of the
important concerns around interoperability, security and compliance and SLAs:
- Operational Layer: Infrastructure is part of the operational systems layer, but important in Cloud architectures because Cloud imposes new requirements on infrastructure to enable broad network access, resource pooling, rapid elasticity, virtualization and scalability.
- Service Layer: The common cloud service types, XaaS, are identified in the services layer. These cloud service types, like other services, use and sometimes expose assets in the Operational systems layer. For cloud services, which assets are exposed is often the focus of the service type, i.e. within operational systems, hardware infrastructure is exposed as IaaS, and middleware is exposed as PaaS, and business process as BPaaS.
- Business Process: Business processes participate in a Cloud solution much like they do in SOA solutions, they can be provided as a service (BPaaS) or be the consumer of services (whether they care cloud services or not). Additionally, business processes within a cloud provider organization need to be restructured and streamlined in novel ways to meet much faster time-to-deliver, time-to-change and cost objectives..
- Consumer Layer: The consumer layer is more strictly and carefully separated from the services and service provider to allow pooling and substitution of cloud services or providers.
No comments:
Post a Comment