Bob Balaban's Blog

     
    alt

    Bob Balaban

     

    "I’ve looked at clouds from both sides, now"

    Bob Balaban  June 16 2008 01:50:08 PM
    I've been working with Google Apps APIs and trying out various features of the mail, calendar and contacts services (products?) for a few months now. I think I'm getting a handle on the whole "cloud computing" thing. So I thought I'd collect a few observations in a blog post and see what y'all think as well. This is neither a sales job nor a trash job on Google, nor is it meant to be a comprehensive feature comparison of Google Apps vs. Notes. I'm really using Google Apps as a prominent example of "cloud computing", and starting to think about the implications for the collaborative software world.

    What is 'cloud computing'?


    Here's a Business Week article that attempts to define it. I think it does a reasonable job, and it points to IBM as a technology leader in that space. But while I"m sure that IBM has pockets of advanced technology and even offerings in the "cloud", it seems fairly obvious to me that Google is far and away both the technology and the market leader in cloud computing (Microsoft has stuff too, naturally). One could argue with that conclusion, I suppose, and point out that while Google has more offerings in the consumer/mass-market space (gadgets, youtube, etc), they are not necessarily the leader in "enterprise" markets.

    Maybe. I don't know, and that's not the point I'm trying to make, anyway: this isn't a vendor comparison.

    To me, the basic point (or maybe there's more than one point here) of cloud computing appears to be this: cloud providers (if we can call them that) will not only host apps for you, they will supply you with virtually unlimited storage space, and virtually unlimited scalability of access, as well.

    Sign up for a free GMail account with Google, and you get 6 GIG of storage. Sign up for a $50 per seat per year (+ or -) enterprise account, and each GMail user gets 25 GIG of storage, plus more features. That's a lot of email. On the scalability front, Google will happily host your enterprise email regardless of whether you have 3 seats, or 300,000 seats. They offer good searching (duh), security, spam filtering, archiving and so on. And you hardly ever have to delete anything, with that much space available.

    Major Benefits of 'cloud computing'


    The biggest argument I see cloud vendors making for people (and companies) to switch over is the economic one: when you go to Google Apps you're not just going to a "Software As A Service" (SAAS) model, you're outsourcing your entire email infrastructure. No more in-house maintenance of hardware and networking, no more paying pesky admins to wake up in the middle of the night and fix stuff that broke, no more having to re-evaluate and do software/hardware upgrades every year. Google handles ALL of that for you, and it's pretty cheap. You just hired another 100 employees? Go online and create accounts for them on your hosted site (or write a program to do it for you via the Google provisioning APIs), and you're done.

    Google never goes down, they handle all the backups, authentication, access control, routing, everything. And it's all accessible with a browser.

    What are you giving up for 'cloud computing'?


    So what's the downside? Well, you do give up a few things:

     - Functionality. Let's face it, GMail is not the best email system out there, feature-wise or UI-wise. It's still in "beta" 4 years after its launch, it does WAY less than, say, Notes. Same for the Google Apps calendar (one annoying example: they don't allow attachments on meeting invitations...)

     - "Ownership". By that I mean that when all your email is in GMail, you don't ever know where it really is. Same with all the other "cloud" apps -- your data could be anywhere. For a lot of people this isn't a big problem (once they get over that initial slightly queasy feeling, especially when they remember how much money they're saving). But, for some people, it's a show-stopper. Accounting firms, for example. In some countries (and in some states within the U.S.), regulated firms are prohibited from storing sensitive data outside the boundaries of their political unit. Other firms worry that data stored on Google servers that happen to reside in the United States might be vulnerable to arbitrary U.S. Patriot Act subpoena.

     - Application deployment. Email is one thing, enterprise applications (especially custom-built ones) are quite another. You can't go to Google and ask them to give you a Domino server to run your mission critical apps. You can deploy Web apps on Google now, but only if they're written in Python (or something like that). Maybe that will change, but in the meantime, I think most companies who may want to use Google for email will hang on to their app servers for quite a while. But that leads to what I call the "coexistence" question: Since quite a lot of Notes/Domino based applications use email messaging as a transport (many workflow apps, for example, send email notifications to users), how does that work when my email moves to the cloud? Do I have to rewrite all those apps? Yikes. (Quick plug here - no, you don't. Binary Tree (and some other vendors) have coexistence solutions you can, uh, buy).

    Bottom line?


    Are the negatives show-stoppers? Clearly not, Google (and Microsoft, and maybe even IBM someday) seem to be very happy with the rate of growth of their cloud offerings.

    On the first point (Functionality) -- yeah, ok, maybe it's not so great now, but it'll get better over time. And there are evidently a lot of CIOs who look at the cost savings and (perhaps, I'm just speculating here) say to themselves, "Wow! My bonus is going to be HUGE this year. I guess my users can live without a few bells and whistles on their email. No more whining about increasing the mail quotas! Yee-HAH!"

    On the "Ownership" issue, obviously this is a nonstarter for some types of organizations (I don't see the CIA or the military going for it anytime soon). For others, it's just another cost issue: Google will (for a fee) offer certain guarantees about where your organization's data will reside. If you're in (I'm just making up this example) say, the Cook Islands (yes, it's a real place, go look it up), and you really, really, need all your bytes to stay in the Cook Islands, and you can show Google that there's enough like-minded organizations in the Cook Islands to make some money, then maybe Google would simply build a data center there. Or, maybe not, and you find another solution.

    As far as coexistence goes, there are technology solutions, and if you have really important apps that you want to keep on Notes, then the cost is still probably worth it. Careful planning is required, and YMMV.

    I could go on (and on), about APIs, RESTful interfaces, message interoperability architectures, you name it. BUT, I won't, this post is already long enough. Maybe I'll do a Part 2, if there's interest.

    What I REALLY want is for YOU to tell me what you think -- impressions, experiences, razzing, you know, the usual.

    And, in the end, "It's cloud's illusions I recall. I really don't know clouds at all!"
    :-)

    (Need expert application development architecture/coding help? Contact me at: bbalaban, gmail.com)
    Follow me on Twitter @LooseleafLLC
    This article ┬ęCopyright 2009 by Looseleaf Software LLC, all rights reserved. You may link to this page, but may not copy without prior approval.
    Comments

    1Volker Weber  6/17/2008 2:58:05 AM   I’ve looked at clouds from both sides, now

    Nicely written, Bob.

    One thought about the Workflow apps: in Notes you often send document links. If you send proper URIs instead, things get easier.

    2Kerr  6/17/2008 4:45:02 AM   I’ve looked at clouds from both sides, now

    The thing about ownership that confuses me slightly is that large companies already ship their private confidential data off to third parties all the time.

    Sometimes it's in file box full of dead trees sometimes it's on magnetic tape, but this goes on all the time. If your organisation can come to some agreement with a third party for secure storage of that data, it seems pretty straight forward to extend that so that the data is available over a network rather than via a courier.

    Then there are call centres and data centres that are outsourced to third parties. So again third parties are handling potentially sensitive information for your organisation and you need to have good governance in place to make sure your data stays your data. It doesn't seem like too much of a stretch to take the next step.

    3Bob Balaban  6/17/2008 4:51:45 AM   I’ve looked at clouds from both sides, now

    @1 - Thanks! You are correct that replacing db/view/doc links with URLs is one way of remediating cross-platform message issues. However, there are limitations:

    -- You can use a Notes:// style URL, but only if you know that the recipient has Notes on the desktop, otherwise it's useless.

    -- You can use the standard http:// style URL, but only if you know that the server on which the database resides is running the HTTP server, and is accessible from the recipient's location.

    It's a reasonable workaround, but not a cure-all.

    @2 - Hi Kerr! While your point is perfectly valid, there are lots of people who are uncomfortable with hosting sensitive data in the cloud. For one thing, can you always be 100% sure that you can get it back when you need it?

    For another, it's emotionally more nervous-making to know that your online data is really online, but hosted by someone else, compared, say, to a mag tape, which of course could be mounted and read, but is less accessible than stuff on a computer hard drive. It's not just the hoster that could be reading your email, it's anyone who can hack your account, from anywhere in the world.

    Of course, you can encrypt everything, but that causes still more issues....

    4Kerr  6/17/2008 6:54:44 AM   I’ve looked at clouds from both sides, now

    @3, It's the gut reaction that I find interesting. People seem to think that "cloud" suddenly means that everything is insecure. The security questions that get asked when cloud is mentioned often seem to be rhetorical reasons why it can't be done. But those questions are the same ones that companies should be asking and getting good answers for from there current off site storage and outsource suppliers.

    The challenge for the new breed of cloud service suppliers is to answer those questions clearly and convincingly; something they currently seem reluctant to do.

    5John Smart  6/17/2008 9:32:52 AM  My fears, uncertainties, and doubts

    My main concern about cloud computing is an ellaboration on @3. As far as I know, Google et al are missing the following:

    a) SLA - Are they on the hook to keep the service up and running? What if they change their minds, or have a planned or unexpected service disruption?

    b) Is there a way to migrate and take your data elsewhere if you decide that isn't the service for you?

    c) Is there any signed agreement that says they won't share your information with anyone, or even use it internally?

    d) If you want to delete information, will it really be deleted or will the provider keep it forever for their own (research?) purposes?

    e) Can you easily recover your password if your account is hijacked?

    f) Can they provide backups? (if, for example, your account is hijacked, or corrupted, or your users are stupid or dishonest)

    caveats:

    - There are some services that satisfy these conditions. Services that back up your computer over the network, for example, cover this stuff.

    - Some people are willing to accept these risks. I know that for mom & pop shops, loss of their entire email might not be a big deal and they're willing to soley rely on the cloud provider's then-current reputation.

    6Timothy Briley  6/17/2008 11:36:39 AM   I’ve looked at clouds from both sides, now

    I love the Joni reference. My wife and I saw her at Georgia Tech on 11/07/1998 when she opened for Dylan on her 55th birthday. Fantastic show. On a side note, it's still amazing to me that I was able to find the concert date in less than one minute simply by doing a Google search.

    That's the part I like about Google, amazing searches. The part that I don't like is what you mentioned above, that gmail is still in beta. To quote a Lotus Organizer manager back in the 90's, "Some of your co-workers moved their life's data to software still in beta? Those idiots". As long as gmail is in beta, we'll never consider it.

    7Karen Hobert  6/17/2008 8:55:18 PM   I’ve looked at clouds from both sides, now

    As far as I see it there are two forms of cloud computing:

    1. web-centric: your classic SaaS model where web-based applications are hosted by a provider and users pay to play, such as Google Apps

    2. data center-centric: where organizations rent space and web-based applications on hosted servers and have administrative control of the system, like IBM Applications on Demand service. (http://www-935.ibm.com/services/us/index.wss/offerfamily/aod/a1028600)

    Both offer the benefits that Bob illustrates, but they vary in the amount of control the customer has on the administration of the system and information. I'd argue that web-centrice (SaaS) model is much more attractive to SMBs where as the data center-centric model is more attractive to large enterprises. As #2 points out, many large enterprises are doing this already.

    As far as vendors;

    - Microsoft: it's no surprise that Microsoft introduced its Live (web-centric) and Online (data center-centric) cloud computing businesses this last year. They're going for the whole cloud market. From a search perspective Microsoft bought FAST this last fall which is a great technology

    - IBM: IBM has classically been great at the data center-centric stuff through its consulting services and the AoD business is the result of that long standing business. IBM Lotus announced its plans for tackling the SMB and SaaS market this year at Lotusphere but the services will likely take some time to emerge on the market. As far as search, Notes/Dominio has good enough search but if you have lots of data in other repositories you'll need something from the OmniFind product line.

    - Google: Google Apps is SaaS only and Bob has covered that pretty well

    - Yahoo: Also SaaS, although Zimbra can be brought in-house or can be rented from 3rd party SaaS vendors. Of coruse Yahho is the #2 web search so its on par with Google in that sense

    There are plenty of other players in the space as well, Zoho and Jive come to mind off hand.

    As far has my concerns about Google. It's not whether or not the apps can be secured but rather the business that Google is in - indexing information. I'd be concerned about what is going on with my data on the Google servers. Juxtapose that with IBM and Microsoft that are in the apps business and I rest a bit easier. I'm not saying anything will happen to may data on Google but I question it anyway. Google is probably aware of business customers concerns in this reagard. Especially considering that a signifcant portion of Google's Enterprise division is made up of former Postini folk who should know better. As a precaution, I'd definately pay for the Google Apps service plus the Postini service ($75 per year) to get the SAS 70 II certification that requires an audit track on all data activity. I would sleep easier knowing that all activity on my data was being logged.

    For some interesting commentary on Google Apps see the following posts that Guy Creese and I made in April:

    Why GMail is Disruptive (April 19, 2008): http://khobert.blogspot.com/2008/04/why-gmail-is-disruptive.html

    Google Should Announce Google Exchange (April 8, 2008): http://creese.typepad.com/pattern_finder/2008/04/google-should-a.html

    Stark Reminder: Gmail Is Still in Beta (April 17, 2008): http://creese.typepad.com/pattern_finder/2008/04/reminder-gmail.html

    A SaaS Lesson for Microsoft: Simplify the Licensing (April 18, 2008): http://creese.typepad.com/pattern_finder/2008/04/a-saas-lesson-f.html

    8Sven Meirte  6/18/2008 3:03:20 AM   I’ve looked at clouds from both sides, now

    Bob, great article. I have to go with John about his fears, uncertainties, and doubts.

    I have a customer that was thinking about the cloud computing business but their main concern is security. In Notes each user has its own id file and all security is centrally managed by the System Admin. Notes/Domino has a great security system based on many different levels (from server to field level). But by moving to Google you create an online account. How about that security? When I look at my gmail account it's not even https.

    Oh, and I hope there will be a part 2 because I would really love to read more about this subject.

    9Lee  6/18/2008 5:10:42 PM   I’ve looked at clouds from both sides, now

    Google may well be the market leader but I'd say Zoho is the technology leader right now. Nothing I've seen comes close to Zoho Apps on a technical level.

    10Jake Ochs  6/20/2008 9:39:36 AM  hybrid cloud (cirrus. stratus, cumulus?...)

    I think the SMB market will find cloud computing, with its less-codified ownership and SLA's a more than acceptable trade off for offloading the headache of administrating the services, et al...

    The larger companies (and let's face it, Notes people are culturally ingrained to understand the kind of large organizations that typically deploy it) may find more usefulness in hybrid cloud services, such as augmenting existing apps with Amazon's s3 for peak demand relief or in testing new features or doing business development on cloud computing before committing to the infrastructure requirements to bring the service in-house. I read somewhere about a photo (or video?) sharing site that was able to easily ratchet up storage capacity upon being slashdotted using s3.

    Karen:

    IMHO, where the line blurs is on the distinction between cloud computing (usually hosting a specific service such as e-mail or discrete application component such as s3 storage) and outright hosting. Is the differentiator the app vs. the underlying later? (say, providing PHP/MySQL hosting) or is the differentiator how the service is maintained? (say, Google's amorphous cloud vs. a singleton such as a VPS.) How would one classify a VPS (Virtual Private Server), then, that moves around (say, a VMWare enterprise implementation) based upon the prevailing conditions at the service provider of the moment? Is that a cloud?

    11Thomas Bahn  6/24/2008 4:06:57 PM   I’ve looked at clouds from both sides, now

    Hi Bob,

    great thoughts and a well balanced reflection - as always. :-)

    I want to second Sven Meirte (8) about the security constraints. Think about a - say american - company with 10,000 mail accounts. As with SPAM, a bad guy can run a dictionary attack against "guessed" mail addresses...

    I have seen a session at last year's AdminCamp, where some guys from a university showed research results about passwords used in real world companies. Let's say, I don't trust in one-factor-authentication anymore, when many people are involved. :-(

    It's as always: you must sacrifice security for convenience (or vice versa).

    Another reason for at least German companies would be laws about person related data. Such data has to be handled very strictly here.

    My major reason would be distrust: Would I really give Google (or any other company) all my business secrets? Company (cultures) change, laws change, people sell data... Last year someone sold a CD with thousands of customer data from a Luxembourg based bank to the German tax authorities...

    Thomas

    12Usman Ali Qureshi  1/31/2010 11:52:17 PM   I’ve looked at clouds from both sides, now

    Very helpful and informative.