In the cloud, everything you think you know is wrong
This morning at Sharkfest '12 being held at UC Berkeley, Steve Riley, technical director at Riverbed, bluntly opened his keynote with, "Cliff told you that the cloud is BS, so we are going to talk about BS."
Only 24 hours earlier, Cliff Stoll was facing the same audience packed with Wireshark pros, proclaiming that the term "cloud" denies the existence of an enormous amount of infrastructure. As someone with a deep understanding of data transmission and networks, his point can be appreciated.
Riley is on equal footing with Stoll, but has a more amicable view toward cloud computing. He spent an hour defending it and explained that the key to cloud success for enterprises is changing the habits of people who are used to having physical infrastructure. It's about enabling the cloud to unleash creativity.
In an homage to Stanford Law professor Lawrence Lessig, Riley likened the prevalent attitude toward the cloud to John Philip Sousa's views on how music recording would end live music performance as we knew it back a hundred years ago. Sousa was wrong because new tech creates new expectations, explained Riley. "It enables new expressive forms."
On the flipside, there are a lot of things that go wrong in a utility computing model, noted Riley. He then dived into three broad cloud lessons: architecture, security, and administration.
Cloud architecture
Riley spent most of his presentation on cloud development, listing several considerations such as scalability. In the cloud, the expectation is that when you throw in more resources you get more performance, but only when you need it. And forget private cloud, or as a CTO at Amazon once called it, "the false cloud." Just because you sprinkle virtualization into your infrastructure, it's not cloud. And if you pay for it when not using it, it's not cloud. Cloud means the computing is metered and you only pay for what is used.
He then discussed loose coupling, which gives the cloud a high tolerance for variances in order to smooth out disruption spikes, and elasticity, which means you pay for what you use when you need it. Riley argued not to make assumptions about workloads (be ready for anything) and to use dynamic configurations for flexibility and speed in pushing out updates to users.
Next, Riley pointed out that the cloud needs security built in. "There are bad guys out there, so assume threats and design security controls that reflect the likelihood of a threat to materialize and work backwards." He had more to say about security later in his talk.
And when it comes to computing constraints, don't fear them. In the cloud, you have on-demand assets that can be spun up and spun down, so if you need more RAM, spin up VMs. If a server is horned, just kill it -- don't bother troubleshooting, or save it for later, so that you can get your business back online as fast as possible. Need more performance? Look at caching.
Riley also touched on "thinking parallel" and running cloud services across geographies for "shared nothing" operations. Lastly, he said to consider storage options because space in the cloud is essentially infinite. AWS S3 already has over one trillion objects, he said.
In a nutshell, Riley urged everyone to view servers as disposable horsepower -- it's all about the data; the containers don't matter anymore.
Cloud security
For most, there is a belief that security in the cloud is possible, but they need to be convinced. The traditional IT model was based on location, which means you can claim ownership, which allows a sense of control and security. Therefore, the prominent thinking is that if it is not here, then it is not secure. Sure, but mobile phones are now the primary content creation and consumption devices for billions across the world, but they don't serve as the storage device, pointed out Riley.
In 2009, IDC said that humans were creating an exabyte of data per day, which is a huge number. Where is all this data going? It is going to the cloud. So we have to stop believing that it is a fad, said Riley. Security in the cloud can be achieved by:
- Using SLAs that come with a penalty
- Auditable security standards that allow customers to actually prove it
- Encryption
- Digital signatures
This approach defends against attacks on availability, data theft, and data integrity attacks. Riley said that because configuration vulnerabilities are more prevalent than code vulnerabilities, the blend of pervasive automation and massive scale in the cloud means fewer humans involved, which translates to greater security. Moreover, by partnering with a cloud provider that has earned regulatory compliance certifications, you too are compliant by inclusion.
Cloud administration
Lastly, Riley briefly discussed how IT roles must change and new skills are needed for the cloud age. In many cases people react with fear, but instead they can seize the opportunity to get IT better aligned with business, the age-old mantra that for many is finally starting to be realized.

