2. Simon Guest Senior Director, Technical Strategy Microsoft Corporation Session Code: ARC Pre Conference

3. This is Jim

4. Jim is an IT Architect

5. For a large pharmaceutical

6. Jim’s Boss (the CIO) has asked him to “ move their company to the cloud”

7. Jim has no idea what this means

8. Jim has heard of cloud computing, but is lost when it comes to the terminology

9. Is cloud computing just about virtualization in the data center? http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9121923

10. Is cloud computing just another term for software as a service? http://www.daniweb.com/blogs/entry3993.html#

11. Is cloud computing something new? http://www.cloudviews.org/2009/01/is-this-cloud-thing-something-new/

12. Is cloud computing for stupid people?! http://cloudcomputing.sys-con.com/node/692407

13. Goal of the next 55 minutes: Help Jim “demystify” the cloud

14. Help him understand the terminology surrounding cloud computing

15. Show Jim what applications make sense in the cloud, and why

16. Teach Jim the important considerations for moving to the cloud

18. Buzzword Bingo

19. SOA – Service Oriented Architecture

20. SaaS – Software as a Service

21. Web 2.0

22. RIA – Rich Internet Applications

23. Software + Services

24. Are any of these cloud computing?

25. Not really – these are styles of application architecture

26. These styles may work in the cloud, but by themselves they are not cloud computing

27. To understand cloud computing, we need to instead start by looking at where applications live

29. On Premises

30. I purchase my own hardware and manage my own datacenter

31. Order 10 servers from DELL, they arrive a week later, I un-box them and install them in racks

32. Traditional way of doing things – has worked well for Jim the past few decades

34. Hosted

35. I pay someone to host my application using hardware I specify or provide

36. “ Dear hosting company, please set me up 2 x dedicated Web servers and 1 x database, backed up nightly” “Sure – that’ll be $21.99 per month”

37. Used heavily for public web site and/or company extranet and partner sites

39. Cloud

40. Pay someone for a pool of computing resources that can be applied to a set of applications

41. With a cloud, the administrator defines the service level for an application

42. The cloud software manages the application by creating one or more instances and handling storage

43. An application running in the cloud on x nodes is reaching capacity. Nodes increased to x+n

45. Cloud “Variants”

46. Private Cloud

47. Pool of computing resources that lives within a self managed datacenter

48. Pool of computing resources that lives within a datacenter with no sharing

49. Hosted Cloud

50. Pool of computing resources that is offered through a hoster, utilizing software from another vendor

51. Public Cloud

52. Pool of computing resources offered from the same vendor that supplies the software

53. Jim now understands the style of an application, and where it lives , but who creates the application?

54. Build vs. Buy

55. Application runs on-premises Application runs at a hoster Application runs using cloud platform Build vs. Buy Build Buy “ Packaged” Application An application that I buy “off the shelf” and run myself “ Home Built” Application An application that I develop and run myself Hosted “ Home Built” An application that I develop myself, but run at a hoster Hosted “ Packaged” An application that I buy “off the shelf” and then run at a hoster Cloud Platform An application that I develop myself, that I run in the cloud “ Software as a Service” A hosted application that I buy from a vendor

56. “ Nice diagrams so far… … but, what about my applications?”

58. “ CRM and Email are commodity services. We have few customizations, and it should be cheaper for someone else to run these.” Application runs on-premises Application runs at a hoster Application runs using cloud platform “ Packaged” Application “ Home Built” Application Hosted “ Home Built” Hosted “ Packaged” Cloud Platform “ Software as a Service” CRM / Email Clinical Trial MRI Imaging HR Application Viral Marketing Molecule Research

59. “ This is a viral marketing website. It has a small chance of being really big, but we’re not sure!” “ How difficult is it to move these to a software as a service model?” Application runs on-premises Application runs at a hoster Application runs using cloud platform “ Packaged” Application “ Home Built” Application Hosted “ Home Built” Hosted “ Packaged” Cloud Platform “ Software as a Service” CRM / Email Clinical Trial MRI Imaging HR Application Molecule Research Viral Marketing

60. “ This application runs at full capacity for short periods of time at the end of each month.” In case it is successful, we’re interested to see if the cloud would help us scale better.” Application runs on-premises Application runs at a hoster Application runs using cloud platform “ Packaged” Application “ Home Built” Application Hosted “ Home Built” Hosted “ Packaged” Cloud Platform “ Software as a Service” CRM / Email Clinical Trial MRI Imaging HR Application Viral Marketing Molecule Research

61. “ MRI images are very large and exponentially growing. Is there a better way of storing these?” “ Can the cloud help us in providing compute power on an as needed basis?” Application runs on-premises Application runs at a hoster Application runs using cloud platform “ Packaged” Application “ Home Built” Application Hosted “ Home Built” Hosted “ Packaged” Cloud Platform “ Software as a Service” CRM / Email Clinical Trial MRI Imaging HR Application Viral Marketing Molecule Research

62. “ Does the cloud give me the storage I’m after?” “ We need to share results from our H1N1 trials with government entities.” Application runs on-premises Application runs at a hoster Application runs using cloud platform “ Packaged” Application “ Home Built” Application Hosted “ Home Built” Hosted “ Packaged” Cloud Platform “ Software as a Service” CRM / Email Clinical Trial HR Application Viral Marketing Molecule Research MRI Imaging

63. “ I can’t afford to maintain this old HR application written in VB – it’s driving me mad!” “… but due to regulatory issues, I can’t store my data off premise.” “ Does the cloud provide anything for inter-organization communication?” Application runs on-premises Application runs at a hoster Application runs using cloud platform “ Packaged” Application “ Home Built” Application Hosted “ Home Built” Hosted “ Packaged” Cloud Platform “ Software as a Service” CRM / Email Clinical Trial MRI Imaging HR Application Viral Marketing Molecule Research

64. “ A good solution could be to find a suitable packaged application here.” Application runs on-premises Application runs at a hoster Application runs using cloud platform “ Packaged” Application “ Home Built” Application Hosted “ Home Built” Hosted “ Packaged” Cloud Platform “ Software as a Service” CRM / Email Clinical Trial MRI Imaging HR Application Viral Marketing Molecule Research

65. What patterns do we see here?

66. Pattern 1: Transference

67. Taking an existing on-premises application and moving it to the cloud

68. Application runs on-premises Application runs at a hoster Application runs using cloud platform “ Packaged” Application “ Home Built” Application Hosted “ Home Built” Hosted “ Packaged” Cloud Platform “ Software as a Service” CRM / Email Clinical Trial MRI Imaging HR Application Viral Marketing Molecule Research

69. Drivers? Economic, Consolidation, Prototyping

70. Pattern 2: Scale and Multi-Tenancy

71. Creating an application that has the ability to handle web load without requiring the full capital investment from day one

72. Application runs on-premises Application runs at a hoster Application runs using cloud platform “ Packaged” Application “ Home Built” Application Hosted “ Home Built” Hosted “ Packaged” Cloud Platform “ Software as a Service” CRM / Email Clinical Trial MRI Imaging HR Application Viral Marketing Molecule Research

73. Drivers? Prototyping, Risk Mitigation

74. Pattern 3: Burst Compute

75. Creating an application that has the ability to handle additional compute on an as-needed basis

76. Application runs on-premises Application runs at a hoster Application runs using cloud platform “ Packaged” Application “ Home Built” Application Hosted “ Home Built” Hosted “ Packaged” Cloud Platform “ Software as a Service” CRM / Email Clinical Trial MRI Imaging HR Application Viral Marketing Molecule Research

77. Drivers? Economic (avoiding over capacity)

78. Pattern 4: Elastic Storage

79. Creating an application that has the ability to grow exponentially from a storage perspective

80. Application runs on-premises Application runs at a hoster Application runs using cloud platform “ Packaged” Application “ Home Built” Application Hosted “ Home Built” Hosted “ Packaged” Cloud Platform “ Software as a Service” CRM / Email Clinical Trial MRI Imaging HR Application Viral Marketing Molecule Research

81. Drivers? Economic (avoiding over capacity), Management

82. Pattern 5: Communications

83. Creating an application that has the ability to communicate between organizations using a pre-defined infrastructure

84. Application runs on-premises Application runs at a hoster Application runs using cloud platform “ Packaged” Application “ Home Built” Application Hosted “ Home Built” Hosted “ Packaged” Cloud Platform “ Software as a Service” CRM / Email Clinical Trial MRI Imaging HR Application Viral Marketing Molecule Research

85. Drivers? Infrastructure Management

86. From this exercise, Jim realizes…

87. Not all applications look the same in the cloud

88. Instead, he must understand the drivers for moving (or creating) cloud based applications

89. Also, not everything makes sense in the cloud

90. Application runs on-premises Application runs at a hoster Application runs using cloud platform “ Packaged” Application “ Home Built” Application Hosted “ Home Built” Hosted “ Packaged” Cloud Platform “ Software as a Service” CRM / Email Clinical Trial MRI Imaging HR Application Viral Marketing Molecule Research

91. So, all of this looks great in PowerPoint … but what else should Jim be considering?

93. Each data center is 11.5 times the size of a football field

94. When you have this many machines to look after, the rules change

95. MTBF (Mean Time Between Failure)

96. Approximate lifetime value that manufacturers state for system components

97. Average Manufacturer Disk MTBF = 1M hours = failure every 114 years (Does not mean that every disk will last 114 years – calculated using batch of 1500 disks running for 30 days without failure) http://www.datarecovery.com.sg/data_recovery/disk_drive_mean_time_failure.htm

98. Average Manufacturer NIC MTBF = 44 years

99. Average CPU Cooling Fan MTBF = 22 years

100. Statiscally, with 20,000 machines this equates to 2 or 3 machines out of order every day

101. Which isn’t bad

102. Except if it’s your machine!

103. What does this mean?

104. Management of a cloud datacenter has to be done differently

105. “ Pager at 2am” vs. “9 – 5 datacenter management”

106. Different replacement strategy NIC Server Rack Container

108. What does this mean for Jim?

109. Jim’s team’s approach to application architecture has to change

110. Away from the approach of a single application running on a single machine

111. Need to move from ACID transaction model to BASE transaction model

112. ACID = Atomic, Consistent, Isolated, Durable (traditional transactional commit model)

113. Really difficult to implement ACID transactions in distributed systems (actually an anti-pattern)

114. Spend a lot of money trying and still not get working perfectly

115. BASE = Basically Available, Soft state, Eventually consistent

116. It’s OK to be wrong, as long as consistency is achieved eventually

117. Compare the cost of an apology vs. the cost of knowing for sure

118. 6.9 million copies of “The Half Blood Prince” were sold in the first 24 hours of release in the US http://en.wikipedia.org/wiki/Harry_Potter#cite_note-bbc-hbp-record-95

119. If you were the online bookstore selling those 6.9 million copies would you optimize for ACID or BASE consistency?

120. If you accidentally oversell by a few books, it’s OK to apologize

121. Flickr (http://highscalability.com/flickr-architecture)

122. Jim’s development team needs to think differently about app architecture in the cloud, especially transactional state

123. “ If my application is running in one of these massive datacenters, it’s not very “green” is it?”

125. The cost to buy a server is cheaper than the cost to run (power) a server

126. Datacenter Power Consumption Chart Power Conversion Cooling Hoteling Systems

127. It’s not only the single server either – it’s about all the other stuff attached…

128. Drug Inventory Service DNS Services Application Deployment Services System Provisioning Services Instrumentation & Monitoring Services Patch Management Services Troubleshooting Analysis Break/Fix Services Network Services Storage Services Messaging Services Authentication Authorization Non-Repudiation Services Access Control Services Presentation Services Credit Card Transaction Service Shipping Service Control Service Pricing Service File Management Services

129. Green Grid (Green Computing Consortium)

130. PUE : Power Usage Effectiveness http://www.thegreengrid.org/Global/Content/white-papers/The-Green-Grid-Data-Center-Power-Efficiency-Metrics-PUE-and-DCiE

131. The ratio of total energy consumption (servers + cooling) to 'useful' energy consumption (servers only). http://it.toolbox.com/wiki/index.php/Power_Usage_Effectiveness_%28PUE%29

132. A typical enterprise-level data center is thought to have a PUE of 2.0 or greater http://it.toolbox.com/wiki/index.php/Power_Usage_Effectiveness_%28PUE%29

133. This means that for every watt of IT power, an additional watt is used to cool and distribute power to the IT equipment http://it.toolbox.com/wiki/index.php/Power_Usage_Effectiveness_%28PUE%29

134. Our prediction is that the Chicago data center will deliver an average PUE of 1.22 http://www.greenm3.com/2008/10/microsoft-blog.html

135. (Can’t have a PUE less than 1.0 – then you’d be generating your own power!)

136. http://download.microsoft.com/download/a/7/b/a7b72ab1-ca17-4589-923a-83b0ff57be6d/Energy-Efficiency-Best-Practices-in-Microsoft-Data-Center-Operations-CeBIT.doc SCRY

137. http://download.microsoft.com/download/a/7/b/a7b72ab1-ca17-4589-923a-83b0ff57be6d/Energy-Efficiency-Best-Practices-in-Microsoft-Data-Center-Operations-CeBIT.doc 22% improvement over 3 years Generation 1

138. http://download.microsoft.com/download/a/7/b/a7b72ab1-ca17-4589-923a-83b0ff57be6d/Energy-Efficiency-Best-Practices-in-Microsoft-Data-Center-Operations-CeBIT.doc Follows Moore’s Law

139. Why is this important to him? He’s not running a cloud data center…

140. True ; but running applications in the cloud means that Jim “inherits” the green profile (PUE) of that datacenter

141. May be of little consequence now, but what happens in 5, 10, 15 years time when regulations get stricter about PUE?

142. Did you know that our industry accounts for 2% of the total carbon emissions – the same as the aviation industry! http://www.gartner.com/it/page.jsp?id=503867

143. When that time comes does Jim want to be measuring his own PUE or inheriting from someone else?

144. Fair point – good to know that you are on it

145. Talking about policy – what’s the deal with cloud computing when it comes to regulations?

147. … especially having your data stored in datacenters located outside your own country

148. For example, would a non-US government entity trust data stored in a US datacenter?

149. Would you trust your data to be stored in a datacenter not in your home country?

150. This is high on the list of concerns for many thinking about moving to the cloud…

151. Ironically, we have these issues today – they are just implicit

152. Takes his laptop on a business trip to: Pierre Lives in: Accesses his email stored in: Through a cache server in: Uses medical app hosted in: Recently updated by a team in:

153. Two solutions:

154. Vendors build datacenters in each and every country

155. An expensive and unlikely proposition

156. There is cultural change of accepting access to data across foreign borders

157. Do you remember online banking 15 years ago? http://findarticles.com/p/articles/mi_m0EIN/is_1995_June_21/ai_17104850/?tag=untagged

158. So, assuming Jim’s data could be stored overseas what does security look like?

160. Two aspects: Physical and Electronic

161. Physical is the easier one

162. Security guys outside the datacenter http://www.rtl2.de/images/trailer/1_policeacademy7_detail.png

163. Biometric devices on datacenter colos http://www.aspwebhosting.com/datacenter.htm

164. Cages around most sensitive equipment http://www.aspwebhosting.com/datacenter.htm

165. Security of the data itself

166. Relatively easy to implement – i.e. encrypt with PK and move to cloud, decrypt with pK when need be On Premises Cloud Datacenter Data PK PK{Data} pK Data

167. Validate integrity, sign with pK and validate by decrypting hash with PK Hash Data On Premises Cloud Datacenter pK PK Hash Data pK{Hash} Data

168. This is relatively secure, but…

169. How does the vendor backup the data (without the key, difficult to know what has changed) On Premises Cloud Datacenter Data PK PK{Data} pK Data What’s changed?

170. How do you create a service that can search cryptographic data? On Premises Cloud Datacenter Data PK PK{Data} pK Data How can I search this?

171. Jim understands that it’s less about trusting the security of data in the cloud…

172. … but more about understanding the use cases of accessing that secure data

173. Related to security, how about the identity of Jim’s users?

174. He’s still suffering from the SSO project that he started 5 years ago…

176. The vast majority of enterprise applications rely on knowing the identity of the user

177. On premise applications often have the luxury of being close to the identity store On Premises Cloud Datacenter App AD

178. Things can get complicated if you transfer the application to the cloud… On Premises Cloud Datacenter App AD

179. Do you want to move the identity provider? Probably not. On Premises Cloud Datacenter App AD Where did AD go?

180. Many organizations end up creating a second ID provider for the cloud Cloud Datacenter On Premises App AD App SQL

181. Even with good replication between the two, this can create a problem with identity management

182. Cloud Datacenter On Premises App AD App SQL Joe [email_address] Joe/Password

183. Even with aggressive replication this is hard

184. Problem gets worse with multiple hosted applications

185. How do we solve this?

186. Similar to your attendee pass Registration Desk Door person Attendee Speaker Crew Main Hall Attendee Speaker Crew Speaker Rm Speaker Crew Bill Veghte Green Room Crew Joe Pharma Attendee Joe Pharma Passport Agency

187. Cloud Datacenter On Premises AD App Joe [email_address] STS (Secure Token Service) [email_address] Attendee Passport Agency Registration Desk Door Person

188. Cloud Datacenter On Premises AD App Joe [email_address] STS (Secure Token Service) [email_address] Attendee Where’s your badge? Where’s your ID? joe@ pharma.com Pwd=123 Please let me use your app I need a badge

189. Cloud Datacenter On Premises AD App Joe [email_address] STS (Secure Token Service) [email_address] Attendee Come on in… Here you are: Attendee Please let me use your app Attendee

190. Claims Based Identity

191. Cloud Datacenter On Premises AD App Joe [email_address] STS (Secure Token Service) [email_address] Attendee Where’s your ID? joe@ pharma.com Pwd=123 No way – you’re fired! Where’s your badge? Foiled! Revenge is not sweet I need a badge Please let me use your app

192. Definitely easier than that SSO project – thank you!

193. This has been good things to consider so far, but Jim has one last question…

194. “… I have a great new idea that I want to try out in the cloud. Will it make me rich!?! :-)”

196. Consultant’s answer: Well, it depends…

197. One on hand, possibly…

198. On premises CRM system

199. $12 per month per user

200. Hardware, software, datacenter hoteling, management, operations, helpdesk, etc.

201. Cloud based CRM software

202. $10 per month per user

203. Arguable $2 per user per month saving (not factoring in migration costs)

204. DELL PowerEdge M600 = $4,689

205. 10 of those = $46,890

206. $0.30 per compute hour (High CPU)

207. The same $46,890 would buy you 156,300 compute hours

208. 651.25 compute days for 10 instances

209. 21.4 compute months for 10 instances

210. Let’s not forget however… Bandwidth is not free

211. Jim’s get-rich-quick idea is a new cloud based application for Blu-ray movies!

212. What’s this going to cost to run?

213. Internet Radio (64kps) 21Gb per month (24 hours per day)

214. YouTube (512kps) 166Gb per month (24 hours per day)

215. HDTV (4Mbps) 1296Gb per month (24 hours per day)

216. Storage - $0.15 per Gb Data Transfer - $0.17 per Gb

217. Sounds cheap, but is it?

218. YouTube example = $0.17 x 166Gb ($28.22 per user per month)

219. HD Movie = $0.17 x 1296Gb ($220.32 per user per month)

220. Jim’s new movie service in the cloud…

221. Storage = 2TB of Movies Stream: ~1,000 users per day @ 4Mbps

222. Storage cost (month) = $150

223. Data Transfer (month) = $215,156

224. … but Jim said he wanted Blu-ray!

225. Storage = 9TB of HD Movies (360 titles at 25Gb per title) Stream: ~1,000 users per day @ 36Mbps

226. Storage cost (month) = $1350

227. Data Transfer (month) = $1.93M!

228. To break-even, each user would have to pay $1,937 per month subscription!

229. “ Several industry insiders estimate that YouTube spends roughly $1 million a day just to pay for the bandwidth to host the videos.” http://techland.blogs.fortune.cnn.com/2008/03/25/youtube-looks-for-the-money-clip/

230. "... Veoh, a video-sharing site operated from San Diego, decided to block its service from users in Africa, Asia, Latin America and Eastern Europe, citing the dim prospects of making money and the high cost of delivering video there.” http://www.nytimes.com/2009/04/27/technology/start-ups/27global.html?ref=business

231. The Point? Sometimes that we forget we are not in a lab!

232. Cloud computing opens up new and interesting possibilities, but don’t forget the business model to support this!

233. When Jim was first looking into cloud computing, he wanted to take his VB6 application into the cloud

234. He now realizes that his VB6 application isn’t well architected for the cloud

235. Nor does the application know what it takes to participate in a pool of computing resources

236. And it definitely doesn’t conform to security and identity considerations for the cloud

237. But now he understands this whole cloud computing space much better

238. He is much clearer on the terminology, understands where his applications can fit, and the considerations for doing so

239. … and is already putting together some of the recommendations he needs for his CIO

240. (which definitely won’t include a movie sharing site!)

242. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. [email_address] http://simonguest.com Required Slide