Not all Clouds are Storm Clouds

I have previously written about “Cloud Computing” and given various talks on it as well. Cloud Computing continues to be much spoken about in the industry. Yet, the term “Cloud Computing” can cover a lot of ground. The point of this post is that not all cloud services are created equal: you need to carefully evaluate the nature of the cloud service and the service provider when pondering whether or not to place an application “in the cloud.”

A quick review: There are basically three types of cloud service: “Software as a Service” (SaaS), “Platform as a Service” (PaaS) and “Infrastructure as a Service” (IaaS).

Gmail, Hotmail and Google Apps are all examples of Software as a Service. By comparison, this blog is hosted within the “Google App Engine,” which is an example of a Platform as a Service. The difference is that a platform is not immediately usable. You need to write code to make use of the platform. This blog's functionality was written by me, using the services provided by the App Engine.

Finally there is Infrastructure as a Service. IaaS providers provide virtual computers, typically Linux and Windows, to their customers. In many of them you have administrative access. It is just as if you owned a computer in the provider's data center. But you don't. You are responsible for the software that runs on your virtual computer while the provider is responsible for the hardware. For many organizations this is a great trade-off. Hardware breaks, period. Not having to worry about it is a major feature!

SaaS is the most immediately usable solution. If you need electronic mail, you get it. You don't have to write code, you don't have to maintain computers, you just consume the service. Similarly services like Google Apps provide common business functions in an easy to use fashion.

Common Failure Modes. All cloud services suffer from being “not owned by you.” They are all offered by commercial organizations. Commercial organizations can and do fail. And if they do, your application and data can suddenly disappear. Similarly, they all operate with acceptable use policies, and being perceived to violate them may have nasty consequences. Now, neither of these issues is a deal breaker. What is important to understand is that not all providers are created equal. Pick a vendor that you are comfortable with and believe will be available when you need them.

Providers also vary in the terms and conditions under which they offer service. Some say very little about security and privacy, some say a lot. As you look to choose a provider, you should make sure you read these terms and policies. What you find may surprise you!

There are also risks/benefits to the various types of services. Whereas SaaS services are the easiest to use, they are also the services with the most lock-in. It may be very difficult or impossible to change service providers. If everyone knows you as “[email protected]” your life may be complicated if that address stops working, either because you stopped using Gmail or Gmail decided to stop supplying you (no offense to Google here). A few years ago we saw this happening a lot with ISP-provided e-mail addresses. When I first received cable-based home Internet service, the e-mail address they gave me was at “highway1.com” which became “mediaone.com” (tough on you if you didn't like the change) which became “attbi.com” and is now “comcast.net.”

My advice to people.... Buy your own Internet domain, they are cheap and there is competition in domain name registrars so you can move your domain between providers. There isn't a lock-in (at least not for the more common domains). Although this requires some skill, you can arrange for an e-mail address at your chosen domain and then forward that to an e-mail SaaS of your choosing. Moving between e-mail providers is still a pain, but at least you do not need to inform all of your contacts of your new e-mail address.

I am going to skip discussing Platform as a Service here because this post is getting long. Perhaps in a future post.

So, let's skip to Infrastructure as a Service (IaaS). This is my favorite form of cloud computing. Of course I am a programmer, system administrator, general infrastructure guy myself, so there is a natural affinity. This isn't for everyone.

That said, IaaS services have a bunch of interesting properties. There are more than a few providers, so you have less lock-in than with SaaS and PaaS providers. A Linux VM from one provider pretty much works the same as a Linux VM from another provider. Yet there are things to look at in IaaS services. There are of course the normal terms and conditions to read and business stability to consider. But there are other more subtle issues as well. When you spin up a virtual computer, what Internet Protocol (IP) address will it get? More importantly, what neighborhood is it in (what!)? Yep, can you send e-mail from that IP address or is it on the block lists of all known ISPs! Maybe you don't need to send e-mail so you don't care, but maybe you do! Personally I maintain VMs at three different providers. In fact one of the applications I run uses resources at two different providers in a redundant fashion so if a provider fails, I'm still up. But that is for another post...

Of the three providers that I use, at one of them I have a “good” IP address that I can use to send e-mail. As you might imagine, getting an account at this provider required the most “hassle” factor because the provider was very concerned about their services being used to send spam, so they vet their customers more seriously (I passed). Yet at another provider the IP address I have is on every spam block list I can find. Not because I send spam, but because computers on adjacent addresses send spam. I am in a “bad neighborhood” so to speak.
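The “bad neighborhood” check described above can be scripted with DNS block list (DNSBL) lookups before you commit to a provider's address. This is an added example, not code from the original post; the zone `dnsbl.example.org`, the function names and the sample answers are assumptions made for illustration.

```python
import ipaddress
import socket

ZONES = ("dnsbl.example.org",)  # hypothetical zone; use the lists you rely on

# Constructed sample answers (documentation addresses), used by the offline demo.
SAMPLE_ANSWERS = {
    "100.2.0.192.dnsbl.example.org": "127.0.0.2",   # a listed neighbour
    "101.2.0.192.dnsbl.example.org": "127.0.0.4",   # another listed neighbour
    "98.2.0.192.dnsbl.example.org": "203.0.113.7",  # wildcarded zone, not a listing
}

def dnsbl_query_name(ip, zone):
    """Build the lookup name: address labels reversed, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:  # IPv6 is queried nibble by nibble, least significant first
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def system_resolver(name):
    """Return the A record for name, or None on NXDOMAIN or lookup failure."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def is_listed(ip, zones=ZONES, resolve=system_resolver):
    """Return {zone: answer} for each zone listing ip.

    A listing is an answer inside 127.0.0.0/8; any other answer (for example
    from an expired, wildcarded zone) is treated as not listed.
    """
    hits = {}
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer and ipaddress.ip_address(answer).is_loopback:
            hits[zone] = answer
    return hits

def neighbourhood_report(ip, zones=ZONES, resolve=system_resolver, radius=4):
    """Check an IPv4 address and the addresses within `radius` of it."""
    centre = ipaddress.IPv4Address(ip)
    return {str(centre + off): is_listed(str(centre + off), zones, resolve)
            for off in range(-radius, radius + 1)}

if __name__ == "__main__":
    # Offline demo against the constructed answers above.
    for ip, hits in neighbourhood_report("192.0.2.99", resolve=SAMPLE_ANSWERS.get).items():
        print(ip, "LISTED" if hits else "clean", hits)
```

With the default `system_resolver` the same functions query real DNS, so an address that is clean itself but surrounded by listed neighbours shows up before you try to send mail from it.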

One of the more interesting features to understand about IaaS is that your data is structured by you, not the provider. In the cases of SaaS and PaaS, you make use of facilities provided by the provider. So your data is interpretable (and exploitable) by the service provider. However, in the case of a VM provider, they are offering you what is effectively raw disk space. You are responsible for building up the file systems and management databases for handling your data. This also means that you can encrypt it if you so choose. This makes it very hard for the infrastructure provider to exploit your data. Now of course, if they really want to get to your data, they can (unless you are only storing data that is encrypted before it arrives at the provider and is never decrypted while it is resident there; check out http://tahoe-lafs.org for a file storage system that has exactly this property, which I do use). However, they really have to want to do so. They cannot just casually look at your data or use data mining tools against all of their customers with ease (as can be done with SaaS and to a lesser degree PaaS providers).

So in conclusion, “Cloud Computing” is an interesting technology/service offering. But you need to carefully consider your situation and the services and types of services that are offered out there. Choose wisely and thrive. Choose poorly and...

Copyright © 2009-2023 Jeffrey I. Schiller