Modeling and application location independence

February 15th, 2009

Microsoft’s Oslo initiative, a modeling approach to software development, is one of the pillars of Microsoft’s dynamic IT strategy. Microsoft’s Azure platform counts on applications that can inform the fabric controller of their hardware and operating system configuration needs. The workloads are created and configured based on this information. This concept was explained at PDC 2008 in a quite long but great presentation.

When the needs of applications or services are described and modeled, the workloads needed to run them can be created anywhere the model can be translated automatically into infrastructure and workload configurations. With modeling, applications and services can be moved easily from one datacenter to another, and from on-premise testing to cloud production.

Application delivery should be a joint concern for developers and infrastructure professionals. As Gartner stated last year, “Application Delivery Architects and Engineers Should Be an IT Organization’s Next Key Hires”. Developers, application architects and infrastructure architects should work together on making applications and services location independent and on making placement decisions better and easier.


Eric Groot Cloud Computing, Infrastructure

Desktop hypervisors

January 29th, 2009

Hypervisors for desktops will bring a major change in delivering applications to users. Until today, we had to centralize applications to work with untrusted, privately owned computers. Terminal Server or Citrix presented the applications or desktops without storing data on client machines. The disadvantage was that applications and data couldn’t be accessed offline. By using operating system virtualization on desktops, especially with the use of hypervisor technology, this is going to change. It’s going to be a big thing.

Microsoft, Citrix and VMware are all working on bringing virtualization of “Operating System Environments” (OSEs) to the desktop. These OSEs can be regarded as “digital work environments”.

On our own laptop (or in the future maybe on any smart device), a hypervisor is installed, whether or not on a piece of read-only hardware. On top of this hypervisor more than one operating system can be installed: our privately owned operating system and, for instance, a business-owned OSE. They can communicate with each other like non-virtualized computers, and at the same time each operating system can be fully shielded from the others.

This technique, nowadays applied in server environments, will make it possible to work with our privately owned devices in totally separated work environments. We can work in an OSE, delivered by our company or organization with trusted data, with company owned applications. The virtual machine will be managed by the organization. At the same time, we can work with our private virtual machine. Maybe, one machine can establish a connection to a trusted network, while the other cannot.

On September 25, 2008 Steve Ballmer (Microsoft) stated the following:

“Does any of this to me mean that in the long run a significant percentage of the kind of computing people do on clients today will move to the server? I don’t think so. It doesn’t mean it won’t happen. It doesn’t mean some of it will be important. We’re certainly investing. But perhaps I think the most important thing is the notion of really using hypervisors on the desktop as a technique to improve the desktop experience, as opposed to let’s just move all computation and recentralize it. I don’t really think in the world where people kind of like their own personal devices, people fall in love with their phones, their PCs, their laptops, I don’t think it all gets recentralized.” (http://www.microsoft.com/presspass/exec/steve/2008/09-25churchill.mspx)

Citrix also plans to deliver the hypervisor in the second half of the year with the first release of a new product code-named Project Independence. “The face of desktop computing will change fundamentally over the next few years. Enterprises have long struggled to meet user demands for flexible computing while controlling costs, improving security and simplifying manageability. Achieving these goals requires the right technology as well as a shift in how IT and the user views desktop computing. Project Independence is a strategic product initiative with partners like Intel, focused on local virtual desktops.”

VMware View is a comparable approach: “Just as virtualization transformed servers in the datacenter, VMware View is transforming the desktop from device-centric to user-centric.”

This is going to happen pretty soon. Application delivery within OSE containers is a real opportunity to let us work everywhere, for everyone, with or without connections, controlled and uncontrolled, with our most favored equipment. I’m very curious about all the emerging technologies that will arise from this simple decoupling of the OSE from the hardware on client devices. Probably “to be continued…”


Eric Groot Infrastructure

Working with privately owned, untrusted computers in corporate networks

January 15th, 2009

Can we work with untrusted, unmanaged computers in our networks? Over the past years, thinking about the management of client computers has been shifting. The well-managed client paradigm will be replaced by the data-protection paradigm. It’s not the client integrity that we should protect; we should protect the data. Why is this important?

  1. Organizations are confronted with an increasing number of privately owned laptops and devices. People, especially Gen Y, tend to choose their own equipment. You decide what’s good for you.
  2. The productivity decrease that comes with automatically cutting off non-compliant computers from network resources (as in Network Access Protection) will be unacceptably expensive, while the workers, most of the time, can’t be held personally responsible for working on a non-compliant computer.
  3. It’s really hard to manage all devices. Take printers for instance: there’s an operating system installed on most multifunctionals, without anti-malware software.
  4. Client protection comes along with banning certain possibilities. Unless you work with highly sensitive or secret data, cutting off digital possibilities and opportunities will lead to a decrease in improvement and innovation initiatives.
  5. With the introduction of the IPv6 protocol, client-to-server and client-to-client traffic is direct and IPsec protected. Computers are able to exchange data directly, without the use of the corporate (wireless) network. Inspecting the data in transit will be extremely difficult in some cases.

I can surely come up with more examples. The point is: the network itself, and client devices in particular, cannot be trusted. A common way to deal with this problem is to create security zones within a network. In the old days, all equipment, clients and servers alike, was directly connected. When working with untrusted computers, this must be avoided. The protected data should be placed in a secure zone, which can be accessed through firewalls over a limited protocol set such as HTTP/HTTPS, RDP/ICA and SSL VPN. Old-style client-server traffic, as in file-sharing protocols, should be eliminated.
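The zone model above can be checked mechanically against a firewall rule set. The following is an added example, not part of the original post: the rule format, zone names and sample rules are constructed for illustration, and the port numbers are the usual defaults for the protocols the post names.

```python
from dataclasses import dataclass

# Protocols the post admits into the secure zone, keyed by their usual TCP
# port (the port numbers are common defaults, assumed for this example).
ALLOWED_TCP = {80: "http", 443: "https / ssl-vpn", 1494: "ica", 3389: "rdp"}
# Old-style file-sharing services the post says should be eliminated.
FILE_SHARING = {139: "smb over netbios", 445: "smb", 2049: "nfs"}


@dataclass(frozen=True)
class Rule:          # hypothetical rule format, not a real firewall's syntax
    name: str
    src_zone: str
    dst_zone: str
    proto: str       # "tcp", "udp" or "any"
    first_port: int  # inclusive
    last_port: int   # inclusive
    action: str      # "allow" or "deny"


def audit_rule(rule, secure_zone="secure"):
    """Return (rule name, kind, detail) findings for one rule."""
    if rule.action != "allow" or rule.dst_zone != secure_zone:
        return []
    findings = []
    ports = range(rule.first_port, rule.last_port + 1)
    if rule.proto != "tcp":
        findings.append((rule.name, "non-tcp", rule.proto))
    # A wide port range can silently re-admit file sharing, so test membership.
    shared = sorted(p for p in FILE_SHARING if p in ports)
    if shared:
        detail = ", ".join(f"{p} ({FILE_SHARING[p]})" for p in shared)
        findings.append((rule.name, "file-sharing", detail))
    if rule.proto == "tcp":
        permitted = sum(1 for p in ALLOWED_TCP if p in ports)
        extra = len(ports) - permitted - len(shared)
        if extra:
            findings.append((rule.name, "extra-ports",
                             f"{extra} port(s) outside the allowed set"))
    return findings


def has_default_deny(rules, secure_zone="secure"):
    """True if a catch-all deny covers everything not explicitly allowed."""
    return any(
        r.action == "deny" and r.dst_zone == secure_zone
        and r.src_zone == "any" and r.proto == "any"
        and r.first_port <= 1 and r.last_port >= 65535
        for r in rules
    )


def audit(rules, secure_zone="secure"):
    findings = [f for r in rules for f in audit_rule(r, secure_zone)]
    if not has_default_deny(rules, secure_zone):
        findings.append(("(ruleset)", "no-default-deny", secure_zone))
    return findings


# Constructed sample rule set for a network with an "untrusted" client zone.
SAMPLE_RULES = [
    Rule("web", "untrusted", "secure", "tcp", 443, 443, "allow"),
    Rule("rdp", "untrusted", "secure", "tcp", 3389, 3389, "allow"),
    Rule("legacy-shares", "untrusted", "secure", "tcp", 135, 445, "allow"),
    Rule("dns", "untrusted", "secure", "udp", 53, 53, "allow"),
    Rule("default", "any", "secure", "any", 1, 65535, "deny"),
]

if __name__ == "__main__":
    for name, kind, detail in audit(SAMPLE_RULES):
        print(f"{name}: {kind}: {detail}")
```
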

When we build on-premise networks like this, we act just like any internet based provider of applications, systems or network services.

The question is: should we avoid managing client computers and devices at all? Nowadays we provide network users with a desktop and applications, completely centrally managed. We have decoupled the operating system from the hardware, and the desktop and applications from the operating system. We deliver applications the same way to any solution: desktops, laptops, terminal servers, virtual operating systems. The device itself doesn’t matter that much anymore.

An example: a managed virtualized operating system (VDI with VMware View) can be accessed in a network by an unmanaged computer. One works on this virtualized computer on premise or through an internet connection. This virtualized computer can be streamed to a laptop computer for “offline” work.

These solutions will certainly make working with privately owned computers in corporate networks possible. The conclusion is that we can indeed work within corporate networks with untrusted, privately owned computers.


Eric Groot Infrastructure

Working in the cloud

January 8th, 2009

Variations of services

Cloud computing is certainly an important development in IT. It generates a lot of fantasies about how cloud computing will change the world of digital users, professionals, students and so on. Cloud computing is about providing software or IT-related capabilities, like storage, as a service. These services are hosted in large datacenters, and can be accessed from the internet and internet connected devices. There are very different cloud computing offerings though.

I will briefly categorize the offerings by function and viewpoint.

For non-corporate individuals and groups

There are applications and collaboration services for the individual user, self-employed professionals, families, students, and so on. Some of these applications are suitable for corporate professionals too, but using them will be an individual choice.

  1. There are applications, like a word processing application, that are not installed on a computer or device and can be accessed and used with a web browser. Device independence and sharing of and collaborating on the data are the main advantages. Google Docs is an example of these applications. The applications are generally provided with basic (most used) functions. These applications are useful for collaborating on an ad-hoc basis, but are often not sufficient for professional work.
  2. There are also web-based applications combined with installed applications on devices. Online storage, sharing and collaboration with rich applications are the key benefits, and one can use the rich and advanced application functions for work with high standards and requirements. Apple’s iWork ’09 and iLife ’09 are designed for creating rich documents, spreadsheets, online photo albums, web sites and so on. Microsoft Office 2007 and the Windows Live services, like Live Mesh, SkyDrive, Live Groups and Windows Live Essentials, are similar.
  3. Next, there are the web 2.0 services like social networks, blog and messaging applications, and so on, where sharing ideas and life in general with groups seems to evolve into communities where one can collaborate, contribute and get rewarded. Delivering APIs for programmers, so they can build device-based “rich” applications that connect from a device to the cloud service, seems to be a good idea. Unfortunately, most applications made today to connect to such a service lack the rich functionality one hopes for. There’s a whole market out there!

For corporate users and commercial hosting

For organizations, working with cloud services is a de facto practice. Organizations themselves host these services. Mobile email, portals, remote desktops, remote applications, follow-me telephony, instant messaging: we are working this way right now. The idea of cloud computing, however, is to outsource these services, because the corporate cloud computing offerings are very attractive from an investment, cost and operational point of view. The same holds for commercial services: owning servers, renting rack space and so on all belong to the past.

  1. Applications like email services, accountancy programs, CRM applications, project management apps, and so on, are offered in the cloud, most of the time with a pay-per-user model.
  2. One can write an application and host it in the cloud. The cloud service provider offers scalability and an SLA to guarantee uptime. No knowledge of systems and networking is needed.
  3. One can host machines and server infrastructures in the cloud, from a virtual server to server farms with virtual networks and virtual storage solutions. Scalability, ease of operation and pay per use are key concepts.

Comparing Microsoft, Amazon and Google Cloud offerings

Microsoft is offering its Azure platform, where services like .NET Services, SQL Services and Live Services support the hosting of web services. Azure is a developer-centric solution for creating and hosting scalable applications. With Visual Studio, developers can develop their applications and simply deploy them in the cloud right away. Azure does support the use of non-Microsoft tools and languages such as Eclipse, Ruby, PHP, and Python. The “platform” is managed through a web portal, where you can deploy and scale your services quickly and easily. No operating system or networking knowledge is required for using this platform. Build and deploy your app, and scale as needed.

Amazon offers Amazon Web Services, a set of cloud services such as the Elastic Compute Cloud platform (EC2), SimpleDB, Simple Storage Service (S3), CloudFront and Simple Queue Service (SQS). One can say that these services together offer what Azure offers, with one big difference: with the Elastic Compute Cloud offering you can run a virtual machine with an operating system and services of choice. Amazon’s cloud services are more system-centric, especially the Elastic Compute Cloud platform, which is basically a machine. As with Azure, one can easily manage and scale the environment through a simple web service interface. For the server OS instances, flexible and fast commissioning and decommissioning of server images is provided.

Google offers its Google App Engine, in a preview release. It is a developer-centric solution based around the Python language with somewhat limited functionality (no support for writing to disk or for databases stored on disk; most modules written in C are disabled). The Django development framework (Django v0.96.1) is included with the Google App Engine SDK. The environment also makes use of Google’s BigTable database/storage system and Google File System (GFS). APIs are provided, like the Python Runtime (in which the app runs; CGI, sandbox features, application caching, logging), the Datastore API (effective use of the scalable datastore), the Images API (for image data manipulation), the Mail API, the Memcache API (distributed memory), the URL Fetch API (for accessing other Internet hosts) and the Users API (for integration with Google Accounts).

Integration with on premise services and applications

The Azure and the Amazon platforms are designed to let cloud services and applications interact with local, on-premise data, IT services and applications. Google Apps is not designed with this kind of integration in mind. This type of integration is essential for corporate use. In most corporations and organizations, hundreds of applications are used. With the rise of loosely coupled services and functions, integration of application data is made possible. Regardless of the need for data integration, there is always a need for interface integration. When one uses many applications and many data sources, it is convenient to bring those applications and data sources together, for instance with portal software like IBM WebSphere and Microsoft Office SharePoint Server (MOSS). It is possible to create a unified desktop and user interface, regardless of the device you’re working on. Application, desktop and machine virtualization techniques are widely used, and users simply don’t know where the program is running or where the data is stored. There should be no difference at all in the user experience between working with on-premise or cloud apps and data.

SOA

Cloud computing is connected to Service Oriented Architecture, where services or functions are designed to be loosely coupled. In the last decades, application functions like data handling and business logic were designed with decoupling and partitioning in mind. Decoupling and partitioning of functions was necessary for service scalability and interoperability, and to diminish the number of mutual dependencies and failures.

With Service Oriented Architecture a next step was made in decoupling business logic from the applications. With SOA, data retrieval and handling is possible from and to any data source and to any device or interface. Without an Enterprise Service Bus, each connection between applications for data exchange must be programmed and configured separately. With an Enterprise Service Bus, all applications are connected to each other through the bus, which handles all protocols for data exchange and logic.

Portals, like WebSphere and Microsoft Office SharePoint Server, are a good way to open up different applications in a single interface.

Evidently this decoupling of application logic and data handling made it possible to couple data from different sources to interfaces for different roles, like customers, factories, suppliers and resellers. A customer who orders a car composed of a certain set of properties immediately triggers orders in the supply chain, for instance an order for a particular set of tires or a navigation system.

Working like we do

Now, with cloud services, the next step is within reach. We can choose to host an application in the cloud instead of in our own datacenter. As stated earlier, you don’t have to worry about server systems, backup, restore, networking, storage or scalability. You don’t have to invest in systems upfront: you pay per use. Cloud computing could be a smart deal. And with loosely coupled service designs in place it really doesn’t matter where the applications and data are hosted. Moreover, we actually work this way today in our business networks.

Thinking protocols

When cloud computing is going to be used, a few issues have to be addressed. Technically, there are no reasons not to use cloud computing. But there could be legal or corporate policy issues that prohibit the use of cloud computing.

Ownership

The first issue is ownership: who owns the machines, the data, the applications? For an individual this seems less of an issue. But even then, there are cases of information being removed by the provider of the service, as with blog services. So using cloud applications and services raises this question: who owns the data, and what is done with the data you store? Take, for example, the Google Docs Terms of Use: “By submitting, posting or displaying the Content you give Google a worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through the Service for the sole purpose of enabling Google to provide you with the Service in accordance with its Privacy Policy.”

It seems wise to really read the terms of use and privacy policies before sending classified information to these services. Besides company policies, laws like the USA Patriot Act do raise questions about privacy and ownership. Again: think it over.

Legal

Legislation prohibits the storage of some data. The EU Data Protection Directive places restrictions on the transfer of personal data from Europe to nations (such as the U.S.) whose data protection laws are not judged “adequate” by EU standards. For some data, special measures have to be taken to ensure the data is not tampered with or altered. Some governments (like the Canadian) forbid IT organizations to use services that store or host the government’s data outside their sovereign territory.

Protocols/Algorithms

So clearly, it is not allowed to store all kinds of data anywhere. Companies and organizations should think about their own classifications of data: what data must reside on owned computers and storage, and what data is permitted to be stored in the cloud? Again, this is not about techniques; it’s about laws, terms of use and company policies. In designing integrated on-premise and cloud computing infrastructures, we should not only think of how data can be transferred from one application to the other (as we do nowadays), but also about how we decide where data is stored and for how long it will be stored. Data must be classified (which is for sure not common practice today) and/or an algorithm or protocol should be in place that makes decisions about storage locations.

As with SOA business logic services, we know how to do this.

Cloud computing architects and consultants should focus on these protocols: making decisions, whether or not automated.

For small businesses and individuals, essentially the same decisions apply: what do I store online, where do I draw the line?
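A storage-location decision of the kind described above can be written down as a small rule set evaluated per data set. This is an added example, not part of the original post: the classification labels, location names and the three rules are assumptions modeled on the post's own examples (owned storage, EU personal data, sovereign territory), and whether a location counts as "adequate" is an input supplied by legal review, not something the code decides.

```python
from dataclasses import dataclass
from typing import Optional

KNOWN_CLASSES = ("public", "internal", "classified")  # assumed labels


@dataclass(frozen=True)
class Location:
    name: str
    owned: bool         # hardware and storage owned by the organization
    country: str        # where the data physically resides
    eu_adequate: bool   # judged adequate for EU personal data (legal input)


@dataclass(frozen=True)
class DataSet:
    name: str
    classification: str
    eu_personal: bool = False
    must_stay_in: Optional[str] = None  # sovereign-territory requirement


def violations(ds, loc):
    """Return the reasons why data set `ds` may not be stored at `loc`."""
    reasons = []
    if ds.classification not in KNOWN_CLASSES:
        # Fail closed: data nobody classified is not placed anywhere.
        reasons.append("data set has no recognized classification")
    if ds.classification == "classified" and not loc.owned:
        reasons.append("classified data must reside on owned storage")
    if ds.eu_personal and not loc.eu_adequate:
        reasons.append("EU personal data needs an adequate jurisdiction")
    if ds.must_stay_in and loc.country != ds.must_stay_in:
        reasons.append(f"data must stay inside {ds.must_stay_in}")
    return reasons


def place(ds, locations):
    """Pick the first permitted location; `locations` is in preference order.

    Returns (chosen location name or None, {rejected name: [reasons]}).
    """
    chosen, rejected = None, {}
    for loc in locations:
        reasons = violations(ds, loc)
        if reasons:
            rejected[loc.name] = reasons
        elif chosen is None:
            chosen = loc.name
    return chosen, rejected


# Constructed sample inventory, cheapest location first.
LOCATIONS = [
    Location("cloud-us", owned=False, country="US", eu_adequate=False),
    Location("cloud-eu", owned=False, country="IE", eu_adequate=True),
    Location("on-premise", owned=True, country="NL", eu_adequate=True),
]
DATASETS = {
    "brochure": DataSet("brochure", "public"),
    "customers": DataSet("customers", "internal", eu_personal=True),
    "board-minutes": DataSet("board-minutes", "classified"),
    "gov-registry": DataSet("gov-registry", "internal", must_stay_in="CA"),
}

if __name__ == "__main__":
    for ds in DATASETS.values():
        chosen, rejected = place(ds, LOCATIONS)
        print(f"{ds.name}: store at {chosen}; rejected: {sorted(rejected)}")
```

A result of `None` means no listed location satisfies the policy, which is the case a human has to resolve before any data moves.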

 

 

 

 

Conclusion

Cloud computing is smart business: it brings us many attractive possibilities, like ease of scaling, no worries about systems and infrastructures and no investments upfront. Cloud computing seems a natural next step for loosely coupled services and SOA. Before cloud computing is used, one has to think about protocols: what do I permit and what don’t I permit to live in the cloud, and under what conditions? The possibilities are there, but infrastructure and application architects should go back to the drawing board to work things out and advise wisely!

 


Eric Groot Cloud Computing

Commercial crowdsourcing should be called Crowd-competition

December 30th, 2008

 

There are some commercial crowdsourcing initiatives that make me wonder: is this a fair way of doing business? Take 99designs.com for instance, a design-contest site. The deal is this: as an employer I don’t have to select designers upfront on the basis of a designer’s portfolio; I just run a contest. The designer whose design wins gets paid, all losers get nothing. This is called “an independent online design marketplace” (Brad Howarth, Smart Company, November 25, 2008) or “a job site” (Sue Kwon, CBS Broadcasting Inc, December 8, 2008). Obviously it isn’t both. It is a contest site. Why isn’t this clearly stated? This so-called crowdsourcing initiative is committed to protecting designers’ intellectual property rights – “after all, we’re talking about your rights!”. The fact is that the work that is protected is tailor-made design work: not suitable for re-use, not suitable for reoffering in an open marketplace.

More than 20,000 graphic designers have registered on 99designs.com. At free will of course, and as we are aware, free will is a relative fact, dependent on our economic situation for instance. We should be very careful not to abuse the labor of many. Let’s not call commercial crowdsourcing a product marketplace or a job site: these are misleading, victimizing descriptions. Let’s call them contests or crowd-competitions with small prizes and rewards: that’s more realistic. These crowd-competitions don’t have to be a bad thing of course. For instance, they can be used as an instrument for students to engage with real-world challenges and test their skills. But other instruments, like peer production or co-creation, seem to be a better choice for students, because not only are products, services or graphic designs created, but cooperation skills are trained on top of that. So let’s go for crowd-cooperation instead of crowd-competition.


Eric Groot Education 2.0, Enterprise 2.0