Windows Azure, Azure Data Services, SQL Data Services and related cloud computing topics now appear in this weekly series.
Note: This post is updated daily or more frequently, depending on the availability of new articles.
••• Updated 3/12-15/2009: More Additions (Amazon EC2 and Rackspace Cloud Servers price war, more S[S]DS updates)
•• Updated 3/11/2009: Additions (mostly about the SDS course reversal)
• Updated 3/10/2009 to add SQL Data Services Abandons REST for TDS API and Knocks My Socks Off and a few others
Azure Services Outage
After about 22 hours, the problem was resolved. The details were moved to Azure Services Outage 3/13/2009 – A Brief History on 3/15/2009 at 9:00 AM PST.
•• Mike Amundsen’s Implementing a Simple Word Search Using Azure Table Storage article of 3/10/2009 is subtititled Exploring Schema-less Storage Patterns and describes tactics for word-searching tables of the Entity-Attribute-Value model rather than relational tables with SQL’s LIKE operator. Mike explains:
Implementing a word search in Azure Table Storage is not quite as easy. First we don't have an equivalent to the
LIKEkeyword at our disposal. Second, we don't have the ability to create secondary indexes on a table (or Entity collection in EAV-speak). That means we need to do the work ourselves. Essentially, we need to build a table to hold the links between search words and the actual
Messagerecords. Doing this will allow us to mimic the
LIKEkeyword from relation query languages.
The technique Mike explains is similar to that used by MapReduce applications over EAV data models, such as Google’s BigTable or Yahoo!’s Hadoop. Here’s a link to a recent Hadoop/MapReduce presentation by Don Brown of Twitpay.
••• Ayende Rahien provides an example of LINQ expressions that implement MapReduce for aggregation in his Designing a document database: Aggregation post of 3/13/2009.
My SAS 70 Audits for Windows Azure and SQL Data Services? post of 3/9/2009 asks Microsoft to state their intentions regarding recurring AICPA Statement on Auditing Standards No. 70: Service Organizations, Type II SAS 70 audits for the Azure Services Platform and SDS without further delay.
Jaikumar Vijayan’s Cloud computing - your privacy check list ComputerWorld UK post of 3/2/2009 reminds IT managers that security and privacy are not necessarily identical subjects, as the World Privacy Forum report on cloud computing observes. JaiKumar writes:
The World Privacy Forum report on cloud computing highlights the benefits of buying-in applications as a service but lists a number of privacy concerns.
It is in sharp contrast to the comments made last week at an IDC cloud computing forum, where speakers described concerns about data security in cloud environments as overblown and "emotional."
The Payment Card Industry (PCI) has a Data Security Standard (PCI-DSS) that’s administered by the PCI Security Standards Council (PCI-SSC), whose five founding members are American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. PCD-DSS v1.2 became effective on 10/1/2008; v1.1 had a sunset date of 12/31/2008.
The PCI-SSC has a program for security companies seeking to become Qualified Security Assessors (QSAs) and to be re-certified each year. QSAs are authorized to conduct PCI-DSS Security Audits. VeriSign’s Lessons Learned: Top Reasons for PCI Audit Failure and How to Avoid Them white paper is a simple guide to audit requirements (requires registration.)
Alan Wilensky’s The Strategist: Certification Services for the Cloud - Reliability, Continuity, and Indemnification Against Outages post of 3/8/2009 describes in detail an aborted research project for “finding a preliminary business model for underwriting business continuity risk within the rubric of cloud applications and hosting services. A concomitant directive was to research new and existing technological models that would offset the risk of such underwriting programs.” Alan continues:
So there was an insurance underwriting and actuarial side, and a real systems side. I was to uncover the insurance industry’s perspective on underwriting SAAS /PAAS / Cloud, etc. I was to bring to the partner underwriters technical proposals that would offset the risk. The project was on a roll and then still birthed. I think it still has merit. I think that the failure of several VC funded net storage start ups points to this, and that even recent hours-long outages in the ‘clouds of the mighty’, should indicate that this analysis was not a complete waste of time. I certainly uncovered gaping holes in the standard insurance industry lines when underwriting business interruptions and continuity for advanced hosting and SAAS.
The topic of business interruption insurance for users of cloud computing services (along with SAS 70 audits) are two of my current favorites. Alan promises “I will list some of the actual programs and concerns that the research entailed. Or, maybe I will extend the current post.”
••• Jeff Currier surfaces after a 4.5-month hiatus with an unsubstantiated claim in his It’s been awhile… post of 3/14/2009 that the SDS team really does “know what it takes to scale a relational store.” Jeff goes on with:
We’ve done this once (with the initial version of Sitka which was built on the same technology) we will do it again. The larger question is getting the right application patterns in place so apps perform well on the system. That’s it for now but stay tuned. [Emphasis added.]
I thought Jeff was a victim of the downturn.
••• Mike Amundsen takes on SDS’s move from HTTP to TDS:
••• Jeffrey Schwartz interviews the SDS team’s senior product manager Niraj Nagrani in his Microsoft Exec Explains SDS About-Face article of 3/12/2009 for Visual Basic Magazine. As expected Niraj replied to most questions with the same generalities we’ve heard from S[S]DS evangelists, architects and other product managers.
••• Scott Watermasysk considers the move from the EAV to RDBMS model to “be a smart move on Microsoft’s part” in his SDS – Take 2 post of 3/12/2009.
••• Pablo Castro chimes in with his SQL Data Services goes full relational post of 3/12/2009, which attempts to clarify how TDS “would play in the Internet. … For the scenarios where the client is connecting to SDS from across the web, there are two challenges: firewalls and latency.” Pablo writes:
The server side of TDS by default listens in TCP port 1433, which a lot of firewalls will just block; furthermore, TDS is not HTTP, so a packet-inspecting intermediary could choose not to let the traffic through, regardless of the port number. This could certainly create some trouble that will need to be addressed at some point.
From the latency perspective, the short story is that I think it’s fine. TDS follows a simple request/response model, so interactions between clients and servers are straightforward and not chatty at all (things are more complicated when MARS is enabled, but that’s another story). We have experience tuning TDS for large WANs with high latency and things work out well as long as you optimize for those scenarios (e.g. batch queries together, etc.).
I doubt if any network admin or DBA who remembers the Slammer worm will open port 1433 for TDS at either end of the proposed connection. This means REST or SOAP, neither of which are fast, for bulk loading data from an existing data sources. I’ve asked Pablo “Who’s gonna write the SSIS package?”
••• Dave Robinson answers Jamie’s and others questions about SDS v1 in his First round of Questions and Answers post of 3/12/2009 to the SDS Team Blog. Dave answers “Will SDS support Database Encryption (certificate and key management)?” with a not very encouraging:
Database encryption? Not initially, but it’s on the list and as we have demonstrated – if there is sufficient customer demand, it will be one of the first things we add after v1. [Emphasis added.]
reply, which conflicts with Niraj Nagrani’s response:
We are looking into the type of workload and requirements for row-level security and column-level security and based on the requirements, we will actually enable those features.
Of course, Niraj didn’t say when the team “will actually enable those features.” See my comment to Dave’s post.
••• Jamie Thompson’s SDS goes full circle post of 3/10/2009 summarizes the move from the Authority-Container-Entity (Entity-Attribute-Value) data mode to a real RDBMS in the cloud and then posts 10 questions for SDS evangelist Dave Robinson to answer.
•• Mike Amundsen’s abandon all hope (for REST) ye who enter here post of 3/10/2009 casts doubt on the wisdom of Microsoft’s transition of SDS from the schemaless Entity-Attribute-Value (EAV) data model to a full relational model with the features developers have come to expect from an enterprise-grade RDBMS. Mike concludes:
in the end, it's all just data. and the immediate tactics employed by Microsoft or Google or Amazon are just a blip in the big picture. in the long run the trend is away from walled data and toward mixing information bits from lots of places. the good news is that, by switching to supporting TDS instead of HTTP, Microsoft customers will be able to take advantage of Microsoft's cloud offerings sooner and with less effort. the bad news is that, by sticking w[ith] TDS, Microsoft and its customers run the risk of falling behind in the broader trend of storing, sharing, and leveraging data in the Internet.
oh yeah, me? i'll keep pushing for better EAV support from Microsoft. and i'll be brushing up on my SimpleDB skills.
and that's a bummer.
•• Liam Cavanaugh chimes in from the Microsoft Sync Framework group with The Clouds are clearing in Redmond of 3/10/2009, which describes how moving to the full RDBMS model helps his “Huron” incubator project, which synchronizes client data with SDS occasionally connected client scenarios.
•• Mary Jo Foley (ZDNet) and Jeffrey Schwartz (Redmond Developer News) add to the SDS course reversal buzz with Microsoft details changes coming to SQL Data Services and Microsoft Revamps SDS Cloud Database post of 3/10/2009.
•• MSDN offers an early SQL Data Services RDBMS Model white paper that’s not very informative. The second illustration has unreadable captions and no link to a larger image. FAIL!
• My SQL Data Services Abandons REST for TDS API and Knocks My Socks Off post of 3/10/2009 discusses the SQL Server and SDS teams’ decision to abandon the RESTful ADO.NET Data Services (and, presumably, SOAP) interfaces to SDS and the Entity-Attribute-Value (EAV) data model for a conventional SQL Server 200x instance running in the cloud.
My SAS 70 Audits for Windows Azure and SQL Data Services? post of 3/9/2009 asks Microsoft to state their intentions regarding recurring AICPA Statement on Auditing Standards No. 70: Service Organizations, Type II SAS 70 audits for the Azure Services Platform and SDS without further delay. (Copied from the Azure Blob, Table and Queue Services section.)
•• Steve Marx replied to my question about SAS 70 Audits for Windows Azure and SQL Data Services? of 3/9/2009 in the Windows Azure forum on 3/10/2009:
We are in the process of evaluating various certification requirements relative to Windows Azure with a goal toward achieving key certifications by commercial launch or shortly thereafter.
But the reply doesn’t answer the specific question about SAS 70 audits.
••• Aaron Skonnard demonstrates new features in WCF REST Starter Kit Preview 2 that simplify creating RESTful clients in in a Screencast: HttpClient + Twitter REST API in under 3 minutes video segment of 3/13/2009. Aaron’s Consuming the Twitter REST API with HttpClient (WCF REST Starter Kit) post of the same date delivers the source code for the video.
WCF REST Starter Kit Preview 2, which the WCF team released today on CodePlex, provides an upgraded HttpClient class for accessing WCF and third-party REST services from within .Net applications.
••• Ron Jacobs, “The New WCF and WF Evangelist” has put together a set of four WCF REST Starter Kit Hands On Labs for Preview 2 that he describes in his WCF REST Starter Kit Preview 2 Is Here post of 3/13/2009.
••• Eugenio Pace adds to his “Architecting Cloud Applications for the Enterprise” series with Part V – Management on 3/13/2009 with this scenario:
John and his [SuperCloudySoftware] team realize that the Web dashboard for monitoring is not enough for [VeryBigCorp’s] requirements. It is still a good thing for their smaller Customers that don’t care too much about it anyway except when there are problems, but it will not work for VeryBigCorp.
So they propose the following architecture for using System Center Operations Manager, an MMC console, and PowerShell as the front-end:
You can download from CodePlex the source code for Azure IssueTracker Enterprise Edition with the following added features:
- Federation with a custom identity provider (standard edition illustrates federation with LiveID)
- Management APIs for the service that can be integrated into:
- Powershell scripts
• Eugenio Pace presents Architecting Cloud Applications for the Enterprise – Part IV - SuperCloudySoftware sketches IssueTracker Enterprise Edition on 3/9/2009, which continues his series that “explore[s] the challenges of building services for an enterprise, illustrating those through a dialogue between VeryBigCorp CIO and a team from SuperCloudySoftware.”
The team decides “to use claims and federated identity [with Geneva]. This allows the service to rely on somebody else that it trusts to authenticate users (VeryBigCorp) and deal with an abstracted set of facts (claims) about the requestor that are used for authorization.” Here’s Eugenio’s illustration:
MSDN Up North’s Tore Vestues (Norway) interviews Clemens Vasters and Lars Wilhelmsen about Windows Azure, the .NET Service Bus and related cloud computing topics in this 00:29:50 video segment (in English.) Clemens is now the program manager for the .NET Service Bus; he was a PM for its predecessor, the BizTalk Services incubator project.
••• Steve Marx’s Announcing Botomatic.com - Build Your Own Twitter Bot post of 3/13/2009 describes his Azure-based automated bot-builder for Twitter, which follows his original Anonomatic bot that issues anonymous Tweets from Direct Messages you send. (Steve demonstrated @Anonomatic at the recent MVP Summit at the Redmond campus.)
••• Steve Marx further explains in his Custom Domain Names in Windows Azure post of 3/13/2009 how to use CNAME records to map http://www.botomatic.com to http://botomatic.cloudapp.net and redirect http://botomatic.com to http://www.botomatic.com.
The service is currently gathering and organizing online calendars for two towns: Keene, NH and Ann Arbor, MI. I’m keeping the list of iCalendar feeds for Keene, and Ed Vielmetti is keeping the list for Ann Arbor.
If you’d like to play along in your town, just pick a Delicious account, bookmark all the useful iCalendar feeds you can find, plug in some metadata, and point me to the account. I’ll register it with the service.
Jim Nakashima’s Updates to Windows Azure MVC Cloud Service for MVC RC2 post of 3/8/2009 describes “a hotfix that will solve stability issues when using MVC with the Windows Azure Tools.” He’s also “added more detail to the original MVC on Windows Azure post by making it a walkthrough.” Here are the links:
Jeff Hunsaker’s Configuring a Development Sandbox for the Azure CTP post of 3/7/2009 provides step-by-step instructions for creating a VM for testing Azure with the trial VPC download of Windows Server 2008.
••• Daryl Plummer posits that “a consumer of an unlimited capability will consume unexpected amounts” in his Cloud Elasticity Could Make You Go Broke post of 3/11/2009, which analyzes “On-Demand Overspending” on clouds.
Daryl is a group vice president and Chief Gartner Fellow. He manages the Emerging Trends group in Gartner and is a primary analyst in software infrastructure, which includes cloud computing. I recommend his blog highly. (Subscribed).
- Chris talks about some of the myths and misconceptions about security in the cloud. He addresses the claim that Cloud Providers Are Better At Securing Your Data Than You Are and the benefits and shortcomings of security in the cloud.
- We talk about Chris's Taxonomy of Cloud Computing (excuse me, model of cloud computing)
- Chris goes through some specific challenges and solutions for PCI-compliance in the cloud (00:20:50)
- Chris examines some of the security issues associated with multi-tenant architecture and virtualization
••• Larry Beck concludes that Dave Cutler Thinks the Fabric Controller is What Differentiates Azure from Other Cloud Offerings in this 3/13/2009 post, which is based on Mary Jo Foley’s Red Dog: Five questions with Microsoft mystery man Dave Cutler post of 2/25.2009. Larry writes:
According to Cutler the biggest differentiator between Windows Azure and the competition is the “fabric controller”, the component that owns all cloud resources and manages the placement, provisioning, updating, patching, capacity, load balancing, and scaling out of cloud nodes. I also have been thinking that the fabric controller is really the secret sauce of Windows Azure, and why Microsoft will have a leg up in the space for a while to come. …
I look forward to learning more about the capabilities of the fabric controller, and hope that some day we may see this be available for enterprise data centers as well.
••• Wriju Ghosh’s Azure Services White Papers post of 3/12/2009 provides links to and brief descriptions of eight white papers about the Azure Service Platform’s components, including table, blob and queue programming techniques.
••• James Urquhart asks Did Sam's Club expose a great SaaS opportunity? by selling a healthcare Electronic Records Management (ERM) software bundle to medical and dental clinics for a $25,000 up front license fee charged to the first physician in a group. James writes:
Much better would be a subscription-based pricing, with perhaps some additional upfront fees for the PC, training and installation. Even better than that would be an entirely Internet-based solution with a secure connection between the host and a Rich Internet Application user interface. Best would be a solution delivered in a true service delivery platform, with complete end-to-end trust and performance features.
It sounds to me like a great opportunity for Best Buy + Geek Squad or Costco.
••• John Foley says At-Risk Government IT Systems Require Immediate Action on 3/12/2009 because:
The federal government's new "pro cloud" attitude is about to get its first test. Office of Management and Budget director Peter Orszag is warning that a government portal used for competitive grants is at "significant risk of failure" due to system overload. Can cloud computing save the day?
The OMB has identified the Grants.gov site, where citizens can go to apply for more than a thousand grant programs, as being particularly vulnerable to a spike in traffic as people rush to file applications tied to the recently signed Recovery Act. According to a memo issued March 9 by Orszag, Grants.gov has experienced traffic over the past few months that "far exceeded" its anticipated workload, resulting in performance degradation. What's more, Grants.gov could be in for a 60% increase in application traffic in the months ahead.
••• Krishnan Subramanian’s Cloud Computing Security Framework May Nudge The Enterprises Towards Clouds post of 3/12/2009 points out:
The current issue of Information Security magazine has an article about the upcoming release of Cloud Computing Security Framework by the Jericho Forum. Jericho Forum is a group of people from various companies, mostly in the rank of Chief Security Officer, who love the idea of Cloud Computing and are interested in developing proper security procedures. These are the people who understand the business advantages associated with de-perimeterization (the erosion of network perimeter as we know it from the enterprise IT) and believes in responding to the challenges of de-perimeterization must be central to all IT security strategies.
The March 2009 issue also has a How to Secure Cloud Computing article by Neil Roter. Reading either article requires an onerous registration process.
••• Sam Diaz reports on 3/12/2009 from San Francisco’s SaaS Summit with is Pondering cloud computing at the SaaS Summit post that includes the following questions posed and addressed at the conference:
- What exactly is cloud computing?
- Is it safe? What are we doing about security?
- What are the largest forces pushing companies into the cloud?
- Will these new cloud startups be around in another year or two?
- Who’s buying into the cloud - the large corporations or the SMBs?
A Twitter Search turns up quite a few comments by attendees.
••• Gregg Ness performs a thorough analysis of what he believes to be Nick Carr's Cloud-Network Disconnect in this 3/12/2009 post to Cloudonomics Journal. Gregg’s posits:
The cloud computing models that Carr describes will require fundamental breakthroughs in the way networks, applications and endpoints interoperate. It will require unprecedented automation inside the network as well as an unprecedented scaling of network capacity.
•• Steve Martin’s Web Computing - Premsises, Hosting and Cloud post of 3/10/2009 explains (unconvincingly) why Microsoft hasen’t “yet announced pricing for the Azure Services Platform. There are a couple of reasons for this:
It’s early. We’re still in feedback collection mode with commercial availability targeted for the end of 2009. Right now we are focused on getting feedback on the services and making improvements where needed.
But Microsoft is late to the cloud computing market. Current cloud vendors publish pricing, even for beta services.
We want to encourage development free from economic constraints. The moment you introduce an economic model, developers begin architecting around it based on what they perceive to be most cost effective. We just want folks to build architecturally sound applications and tell us what they think.
Undoubtedly “developers will being architecting around” SDS if Microsoft adds a significant surcharge for use of SQL Server compared with Azure Tables. Architecturally sound applications that aren’t economically sound are a waste of time, energy, and money. Brian Sommer’s The ROI needed to sell software/services post of 3/11/2009 explains that vendors must “offer convincing proof of the difference their efforts or products can make” at what cost.
• David Linthicum’s Cloud Computing – Removing Risk and Conserving Capital post of 3/10/2009 discusses how to “preserve capital” with cloud computing:
Core to the ability to preserve capital issue is the ability to upsize your IT infrastructure on demand, or simply pay more money for additional computing capacity. Many cloud computing providers call this being elastic, or the ability to grow or contract to accommodate the business.
I believe Dave intended to say “conserve capital,” but that’s splitting hairs.
• George Crump asks “Is primary storage going to be made extinct by the cloud?” in his The Cloud And Primary Storage InformationWeek post of 3/10/2009. George concludes:
The ability to scale quickly and provision efficiently isn't just a matter of convenience. Scaling, just like thin provisioning, is a cost saver. Both capabilities, especially when combined, allow you to wait until the last possible second to purchase more storage. As we all know, storage isn't wine, it does not get more expensive with age. Companies that let you wait until the last possible second by providing the ability to scale quickly and simply as opposed to making it a major project, also allow you to wait until storage is at its best possible price point. Buying storage a year in advance should be avoided, especially now.
• Geva Perry’s Cloud Pricing and Application Architecture post of 3/10/2009 contends that
Cloud pricing models will affect architectural choices (or at least they should). Todd Hoff discussed this issue in a HighScalability.com post entitled Cloud Programming Directly Feeds Cost Allocation Back Into Software Design.
Geva says “This post is another example of [his] Why (and What) Every Business Exec Should Know About Cloud Computing.”
• Brandon Watson, a Windows Azure Director, offers a presentation he gave to venture capitalists on the state of cloud computing at the level of the major platform providers: Amazon Web Services, Google App Engine and Windows Azure. (According to his Cloud Platforms – What’s Going On? post of 3/9/2009, Brandon “spent time at Soros Private Equity, [where he] learned a ton about the other side of the table, investing over $70 million, mostly in technology related businesses.”
My SAS 70 Audits for Windows Azure and SQL Data Services? post of 3/9/2009 asks Microsoft to state their intentions regarding recurring AICPA Statement on Auditing Standards No. 70: Service Organizations, Type II SAS 70 audits for the Azure Services Platform and SDS without further delay. (Copied from the Azure Blob, Table and Queue Services section.)
Dana Gardner’s Survey says: Cloud computing proving to be a two-edged sword in a down economy post of 3/9/2009 for ZDNet analyzes “a recent survey commissioned by IT consultancy Avanade, Inc., Seattle, Wash., and conducted by Kelton Research, Culver City, CA.” Dana summarizes:
Cloud computing seems to be trapped between the rock of great expectations and the hard place of low confidence. While most enterprise and IT decision makers view cloud as a way to lower capital and operational costs, the way to more aggressive cloud adoption is blocked by concerns about security and control.
Gary Orenstein’s Cloud Computing’s Three-Horse Race post of 3/8/2009 for GigaOm examines these three models:
- Renting raw hardware: compute processing, data storage and networking bandwidth (Iaas).
- Leveraging an integrated application development engine (PaaS).
- Ordering an application (SaaS).
So where are we headed next? Undoubtedly a combination of all three deployment models. Some companies, like data warehousing specialist Vertica, are taking the debate off the table by offering customers software, appliances or cloud services on top of Amazon’s infrastructure.
But I believe that for companies providing new cloud offerings, the software-as-a-service or “order and application” approach will prove the most rewarding.
Tim Long’s World Bigger Than First Thought post of 3/7/2009 reminds everyone that Windows Azure finally migrated to Universal Coordinated Time (UTC) on 3/8/2009 when most of the rest of us migrated to Daylight Savings Time.
Gojko Adzic’s QCon London 2009: Database projects to watch closely post of 3/12/2009 reports on Geir Magnusson’s presentation entitled Cloud Data Persistence or ‘We’re in a database reneaissance - pay attention”:
The main message of his talk was that “physical limitations of today’s technology combined with the computational complexity of conventional relational databases are driving databases into new exciting spaces”, or to put it simpler the database landscape is changing and we should keep our eyes on that.
Apparently, the SDS folks don’t buy Magnusson’s conclusion. Click here for Gojko’s other reports from QCon London 2009.
•• Cloud Camp London 3 takes place 3/12/2009 from 6:45 PM to 10:00 PM (GMT) at Queen Elizabeth II Conference Centre, Broad Sanctuary, Westminster, London SW1P 3EE, United Kingdom. More than 400 free tickets have been handed out so far.
•• CloudSlam ‘09, a Cloud Computing Virtual Conference, will be held online from 4/20/2009 to 4/24/2009. According to the promoters:
This conference is the global cloud computing event, covering latest trends and innovations in the world of cloud computing. Conference panels, workshops, and tutorials are selected to cover a range of the hottest topics in cloud computing. Descriptions of our conference tracks are presented below.
- Implementation Experiences from various industries.
- Legal Aspects: Privacy and Compliance.
- Business Models.
Conor O’Neill says Irish Cloud Events are just like the 46A Bus. Conor writes:
it@cork will soon be announcing a Cloud Event for April 20th and in between the two, the combined forces of Python Ireland and Ruby Ireland are having their event, [which] will take place on Wednesday, March 11th, in The Vaults in Dublin at 7pm. Event details here. The lineup is:
- Cloudware for Python and Ruby (This talk will focus on the offerings from Google and Amazon.) - Kevin Noonan
- Developing LongURLPlease.com on Google App Engine - Darragh Curran
- Converting a Python library (XLWT) to Ruby (Surpass) - Ana Nelson
- Lightning Talks (If they have time)
••• Craig Balding analyzes What Does PCI Compliance in the Cloud Really Mean? when “Mosso/Rackspace recently announced they have “PCI enabled” a Cloud Sites customer that needed to accept online credit card payments in return for goods (i.e. a merchant).” However, Craig observes:
[T]he website hosted on Mosso’s Cloud, doesn’t actually receive, store, process, transmit any data that falls under the requirements of PCI. …
Yes Cloud Ladies and Gentlemen, this is an implementation of an age-old Internet architecture that involves redirecting customers wishing to pay for the contents of their online basket to an approved and compliant online payment gateway.
Sounds like marketecture to me, too, Craig.
Chris Hoff’s How To Be PCI Compliant in the Cloud... post of 3/15/2009 also debunks the claims in the Mosso Cloud offering and PCI compliance post. Chris’s earlier Please Help Me: I Need a QSA to Assess PCI/DSS Compliance In the Cloud post throws more light on what Mosso/Rackspace claims is a “landmark breakthrough”.
••• Derrick Harris asks Will a Shift to Cloud Computing Create or Cut Jobs? in this 3/15/2009 post. Harris writes:
But where jobs are lost in one area, they sprout up in others. Progressive companies might reinvest their IT savings in jobs that will help the business grow meaningfully, not just in terms of infrastructural complexity. As Werner Vogels says, cloud computing spurs innovation by eliminating the “undifferentiated heavy lifting.”
••• Timothy Prickett Morgan’s Sun parks cloud at data center Valhalla post of 3/13/2009 for Channel Register reports:
The details are unknown, but reports coming out of the AFCOM Data Center World conference (here and here) indicate that this time around, Sun is going to use a third party hosting company [Switch Communications’ SuperNAP in Las Vegas] to host its cloud computing offering instead of hosting it in its own high-tech (and much bragged about) data centers.
The reported decision follows Sun Microsystems’ launch of its Sun Grid in February 2005, which Sun later renamed to Network.com and then abandoned in December 2008.
Is the third time a charm? I doubt it.
••• My Rackspace’s Cloud Servers to Go Live on March 16, 2009 at US$ 0.015/Hour or US$ 10.95/Month Up post of 3/12/2009 announces the start of the cloud price wars:
Rackspace’s Cloud Servers with .NET and LAMP stacks will go live on Monday, 3/16/2009 to establish a new low in on-demand pricing for Platforms as a Service (PaaS), according to Emil Sayegh’s Breaking News: Mosso | The Rackspace Cloud Announces Availability of Cloud Servers and More post of 3/11/2009 and Rackspace’s announcement at the South by Southwest (SXSW) 2009 conference.
••• My Amazon Discounts EC2 Futures with “Reserved Instances” post of 3/12/2009 starts off with:
Seeking to lock customers into their Elastic Computing Cloud for one-year or three-year periods, Amazon Web Services (AWS) announced today “reserved instances.” Werner Vogels’ Introducing Amazon EC2 Reserved Instances - A way to further reduce IT costs post of 3/12/2009 offers more details.
Prospective EC2 users can go long with a $325 up front charge to guarantee availability and fixed, discounted pricing of a small EC2 instance for a one-year period; a three-year term costs $500. Up-front charges are non-refundable.
It’s my guess that reserved instances were an ace in the hole that Amazon was holding for a competitor’s price reduction announcement, such as that above.
••• Geva Perry asks Amazon Reserved Instances: Do They Make Business Sense? in his 3/12/2009 post, which includes an embedded spreadsheet to determine the break-even point for EC2 reserved instances.
Alin Imirie says I Just Saved A Bunch Of Money By Switching To EC2 Reserved Instances in this 3/12/2009 post.
•• John Foley asks Can Trust Clouds Be Trusted With Government Information? in this 3/10/2009 post about Cisco Systems’ and Swan Networks’ “trust cloud” approach to “sharing sensitive information among government agencies.” Foley closes:
Will trust clouds fly? The usage scenarios are compelling, but the security concerns are real. The federal CIO must proceed with caution.
Zoli Erdos’s Oracle Launches Sourcing On-Demand. So Much for the Gibberish-talk :-) post of 3/9/2009 announce’s Oracle Sourcing On Demand solution. Zoli quotes Larry Ellison’s “cloud computing gibberish” comment from the last OracleWorld confab, and then says Jason Busch has the scoop for Sourcing On-Demand:
Oracle really is positioning this solution as a true SaaS offering that companies pay for on a monthly subscription basis. The list pricing is $850 per user per month with a minimum of 20 seats (and a set up fee of $5,000).
Mary Hayes Weier’s Oracle Offers Procurement SaaS InformationWeek post of 3/9/2009 delivers more details about Oracle’s new SaaS offering.
Christopher Hoff describes cloud-based start-up Pixily’s use of Amazon Web Services in his Cloud Computing Not Ready For Prime Time? post of 3/9/2009 that contradict’s (at least for startups) the ComputerWorld article entitled "Cloud computing not ready for critical apps," by Craig Steadman and Patrick Thibodeau. Hoff writes:
[Pixily] had to admit that the day they went live with feature coverage on the front page of several newspapers also happened to be the day that Amazon suffered an 8 hour outage, and thus, so did they.
Now, for a startup, the benefits often outweigh the risks associated for downtime and vendor lock-in. For an established enterprise with cutthroat service levels, regulatory pressures and demanding customers who won't/can't tolerate outages, this is not the case.
Today we're suffering from issues surrounding the fact that emerging offerings in Cloud Computing are simply not mature if what you're looking for involves the holistic and cohesive management, reliability, resilience and transparency across suppliers of Cloud services.
We will get there as adoption increases and businesses start to lean on providers to create and adopt standards that answer the issues above, but today if you're an enterprise who needs five 9's, you may come to the same conclusion as the CIO's in the CW article. If you're an SME/SMB/Startup, you may find everything you need in the Cloud.
Patrick Wolf’s Oracle APEX in the Cloud - It works!!! Try it out! announces on 3/9/2009:
Jason Straub from the APEX development team has put together a step by step instruction for setting up an Oracle Database and Oracle Application Express in the “cloud” aka Amazon Elastic Compute Cloud (EC2). You can even test drive his Amazon EC2 APEX instance!
Robin Harris explains How Amazon builds the world's most scalable storage in this 3/9/2009 post that’s based on Amazon S3 General Manager Alyssa Henry’s Cloud Storage FUD (Failure, Uncertainty, and Durability)keynote at the 7th USENIX Conference on File and Storage Technologies (FAST '09) conference held in San Francisco on 2/24/2009 – 2/27/2009:
Failure and uncertainty play a key role when engineering a general purpose online storage system to be durable, available, scalable, and cost effective. I'll share some of the uncertainty we've encountered and the impact of that uncertainty on the design of the system. I'll also cover some of the hardware and network failures we've encountered, others that we anticipate occurring, and how we've engineered Amazon S3 to be resilient to them.
Is she the same Alyssa Henry that brought us Migrating from DAO to ADO and Porting DAO Code to ADO with the Microsoft Jet Provider technical reports for Microsoft Access?
Sam Charrington’s This is Why Appistry Kicks Apps! post of 3/9/2009 announces Appistry CloudIQ Platform 4.0. You can read more in the "Appistry Gives Cloud a Kick in the Apps!" press release. Sam writes:
With CloudIQ, we address the 80% of cloud computing that too often gets ignored. It is this 80% -- the application layer -- that is the hardest to do. To paraphrase something our CEO, Kevin Haar, said in this morning's press release: It's one thing to deploy and manage a single application in the cloud; it's a whole other ball game when you're an enterprise with entire portfolios of applications you need to launch skyward. (I’ll be addressing the “80%” in a future post.)
That is the reason we’re so excited about our new product, Appistry CloudIQ Manager. CloudIQ Manager gives enterprises a single point of application management as they migrate applications to public and private clouds. More on the new features and benefits of CloudIQ Manager can be found here.
Additionally, if you are interested in learning more about the CloudIQ Platform, I encourage you to register for our webinar on Tuesday, March 31, 2009 at 11:00 a.m. PST.
Reuven Cohen chimes in on the Appistry CloudIQ Manager and Engine in his Appistry Bridging Application Clouds post of 3/9/2009. Reuven writes:
What I like about this approach is their infrastructure & application agnostic, although still focused largely on enterprise private clouds they've realized the opportunity in providing tools to bridge public and hybrid clouds in a secure and efficient way. More simply, they've built a platform geared toward extensibility for existing application stacks, while enabling these existing applications to be packaged and deployed to a cloud without modification, simplifying migration and application portability. A tangable example for the hybrid cloud model.
Guerry Semones’ Building cloud-ready, multicore-friendly applications, Part 1: Design principles JavaWorld article of 3/3/2009 carries this deck:
Multicore processing power and cloud computing are two of the most exciting challenges facing software developers today. Multiple chips or processing cores will enable individual computing platforms to process threads unbelievably fast, and the advent of cloud computing means that your applications could run on multiple distributed systems. In this first half of a two-part article, Appistry engineer Guerry Semones gets you started with the four design principles for writing cloud-ready, multicore friendly code: atomicity, statelessness, idempotence, and parallelism. Level: Intermediate