CONTENTS

Cloud Computing Porting Date To & Fro

Issues ranging from vendor lock-in and mismatched architectures to issues in porting data and apps from one Cloud to another remain as concern areas for enterprises that are evaluating the prospect of putting their business-critical applications on the Cloud. By Venkatesh Ganesh

Kalaiselvan P, Head - Cloud Engineering, Mindteck, related an interesting conversation with a US client who categorically said that the Cloud did not make for a good fit with enterprise applications. Rather, the client felt that it was good for Web-based or e-commerce applications. His reasoning was that the lack of control, accountability, transparency, compliance etc all combined to make the Cloud a poor fit for enterprise applications.

That's probably why, although the analyst numbers and the logical explanation for Cloud uptake are sound, in practice, Indian companies have been leery of moving their vital applications onto the Cloud. Recently, the Mumbai-based CIO of a stockbroking firm was considering testing some of his derivatives-related computing on the Cloud. However, he decided to hold back on this plan when, in the course of a conversation, he realized that there was more to it than met the eye.

What's getting ported

According to a recent report by Nasscom and Deloitte, the Indian Cloud market is expected to reach $16 billion by 2020. The journey towards the Cloud has started, albeit at a slow pace. The enterprise applications that are finding their way onto the Cloud include internal-facing employee apps such as HR, performance management, payroll, expense management and the like. Some companies in the manufacturing sector are leveraging the Cloud for deploying marketing-related apps including campaign management for online or social media campaigns. In other words, these are apps that are not mission critical and those that are used in bursts.

Similarly, financial services firms are using the Cloud for complex, HPC tasks. “We recently signed up one of India’s largest mutual fund company for performing tasks like risk modeling and portfolio simulation analysis,” said Srikanth Karnakota, Director, Server and Tools Business, Microsoft India. Insurers are looking at deploying field agent policy quotation apps to ease management issues and reduce costs. In the case of IT-ITES companies, the Cloud is being used to integrate with their customers’ systems.

The industry continues to be cautious in its approach towards accepting Cloud platforms for mission critical apps. “The apps that are being ported are low cost, hosting/development test environments for Web-based applications and services,” said Arun Sridhar, VP, Infrastructure Services, Capgemini.

Even for regular apps, enterprises are confronted by economies of scale issues when moving to a Cloud. “For applications such as CRM, unless the move is to a public Cloud, a large private Cloud or a SaaS vendor that specializes in CRM, economies of scale might not exist,” added Sridhar.

Startups and SMBs are beginning to accept the Cloud. “Startups and companies with no legacy applications have a good opportunity to make the best of the Cloud,” said PSK Varma, Head, BPM Practice, Prithvi Information Solutions.

Microsoft said that the Windows Azure platform ran 40,000 servers across six data centers in three continents. “This type of scale comforts customers in terms of stability and longevity of providers and it is one of the primary reasons as to why we have 2,000 paid customers with 10,000 apps built in the last 18 months,” asserted Karnakota.

Mismatched architectures

It is pertinent to note that existing architectures are based upon standalone applications. Traditionally, apps have been designed and developed on a single instance basis that can be scaled out through a clustered approach or scaled up through SMP. If an ISV built a solution for a banking client A, he would maintain another separate instance with the complete application stack for client B. The good thing about this is that data security and control are assured. The downside of this approach is that it is an expensive proposition.

When it comes to the Cloud, companies need handholding in terms of getting ready to move from the traditional single instance, single tenancy model to the hosted, multi-tenant model of the Cloud. Microsoft's technology center offers technical guidance and architecture reviews on Windows Azure delivered by technical architects centered around features offered by Azure like AppFabric, auto-scaling, availability etc. HP carries out and applies various criteria in terms of business as well as technical risk assessments for the enterprise portfolio of applications in its Applications Transformation to Cloud assessment phase for all of its customers.

Typically, risks around security, availability, business criticality, continuity and compliance are considered within business risks; while efforts and risks involved in integration and migration based on the current technology suite and architecture/design are considered toward technical risks. A careful mapping of these scores would usually come up with recommendations for Cloud suitability in terms of the decision to re-host, re-factor or replace for an application.

“An enterprise needs to look at all aspects of their business processes, dependency on technical issues and integration needed with other apps as factors when it comes to choosing the right architecture before moving to the Cloud,” said Sridhar.

This raises a whole bunch of questions with the fundamental one being what happens to the existing applications that have been deployed in single tenant mode? Are heavy code changes required to port these onto the Cloud? Should enterprises re-architect the existing application? Is reengineering the application to make it multi-tenanted cost-effective? “It is not straightforward as each application is built for a specific business problem to deal with a specific business function and it needs a thorough understanding of the underlying architecture components to convert the same to a multi-tenant model,” averred Kalaiselvan.

The issue of mismatched architectures has to be addressed before migrating or re-factoring into the public Cloud, opined industry watchers. A structured analysis of costs versus benefits would help determine whether or not a particular application could be migrated and help zero in on the specific benefits that could be expected from putting it on the Cloud. If the application architecture does not cater for some of the tenets such as scaling out or scaling back, then elasticity would be hard to achieve. “In such cases the benefits of Cloud would be limited to migrating your application to just a virtualized environment but with added management and deployment complexities,” pointed out Sumanth Tarigopula, Director, BestShore, Application Services, HP.

Most of today's large, old monolithic applications are not portable and have to be rebuilt. There are other applications that require special hardware, reducing their portability and even many of the newer applications being built today are not portable, certainly not Cloud portable. “The typical problems faced are configuration issues around the Cloud on application configuration and infrastructure. A good deal of time and money in the IT industry has been spent on trying to make applications portable,” said Sridhar. The goal around migrating applications to the Cloud is to somehow make them more Cloud-ready and there is a need to develop and use open standards. Salesforce's Force.com platform allows external developers to create add-on apps that can be integrated into salesforce.com. The company makes that possible by using applications built on Apex and Visualforce.

Others point out that applications should be taken on a case-to-case basis and that enterprises need to understand which of these are best suited to the Cloud environment. “Always start with the low hanging fruit and pick apps that aren't mission critical. Test these in the Cloud and, once the comfort level increases, look at moving subsequent apps,” said Ashwin Waknis, Head Cloud Professional Services, Persistent Systems.

Migrating an application built on Java or .NET to a PaaS platform such as Microsoft Azure, Google App Engine or Force.com may require between 30-100% redesign and refactoring of the code base depending the source and target platforms that are involved.

"Once you make the architecture cohesive & integrated designing it precisely, keeping in mind the nature of the application, the pain points can be overcome." Vineet Arora Mng. Director, Aditi Technologies

It is interesting to note that migration issues are prevalent in the non-Cloud environment as well. Moving from .NET to DB2 is not a piece of cake but vendors provide application integration to tackle this issue. In the Cloud, this aspect needs to evolve. “You have to deal with problems of mismatched architectures. However, once you make it cohesive, integrated and design it precisely keeping in mind the nature of the application, these pain points can be overcome,” argued Vineet Arora, MD, Aditi Technologies.

Vendors insisted that there were tools and best practices that companies could adopt to migrate to the Cloud and convert their applications for multi-tenancy. Tools like Apprenda, CloudFoundry, OpenShift, and OpenStack can be used to build multi-tenanted applications. “In the final analysis, we have to do away with the Cloud’s existing risks,” said Vijay Anand VR, Global CTO - Machine to Machine Technology, Innovation Evangelist, Logica.

Lock-in and interoperability problems

"We advise customers considering a public Cloud service to negotiate the exit clause as part of the initial discussion." Rajesh Rege Sr. VP, Data Center, Virtualization & Cloud, Cisco India & SAARC

This is the biggest issue when it comes to Cloud migration. “Lock-in is a concern and we advise customers that are considering a public Cloud service to negotiate the exit clause as part of their initial discussion with the Cloud service provider and make it a part of the contract,” said Rajesh Rege, Senior VP, Data Center, Virtualization and Cloud, Cisco India & SAARC.

Unfortunately, there are not many examples of published exit clauses. However, enterprises should make a thorough note of it. Exit clauses should include explicit penalties for non conformance to SLAs, confidentiality and ownership of data as well as RTO/RPO parameters for data transfer. Companies should treat the event of leaving or switching from a Cloud provider as a disaster that needs a procedure/policy in their DR/BCP document. Moreover, what happens when a Cloud service provider goes belly-up? Can the existing data be shifted to another Cloud? “These days we are dealing with Petabytes of data and, in the event of the Cloud service going down, the question of how a company reasserts control has to be asked,” opined Nitin Khanapurkar, Executive Director, KPMG India.

Amazon's recent outage made companies take a fresh look at these aspects. Appropriate Cloud application architectures are part of the solution to Cloud interoperability and existing applications may need to be re-architected to facilitate migration.

The key thing is to try to architect applications that reduce or eliminate the number of difficult dependencies between the application stack and the capabilities provided by the Cloud service provider.

Similar challenges exist when two service providers merge or one acquires the other. In this early stage of the Cloud, standards for data formats and APIs to allow interoperability between infrastructure do not exist. Cloud providers are already working on how to improve portability and reduce latency during data transfers but only within services and platforms hosted on their own, proprietary infrastructure. Migration to another vendor’s setup can be a lengthy and expensive procedure as—apart from possible end-of-contract penalties—organizations will be charged both for format conversion and for the transfer, including additional charges for bandwidth usage. Migration costs can be prohibitive when dealing with a large amount of data. Therefore, even if it might seem easier and more convenient to have only one vendor providing all services, storing the entire organization's data within one infrastructure represents a threat, which might obstruct growth.

For SaaS services, lock-in issues exist making it difficult to switch, according to Vishnu Bhat, VP and Global Head for Cloud, Infosys. However, in order to avoid these types of lock in scenarios, standards bodies such as the Distributed Management Task Force (DMTF), Cloud Security Alliance and OCCI are working together towards evolving standards for wider industry adoption in order to facilitate interoperability and portability.

SIs like Infosys are trying to address interoperability issues for transferring applications and data between two different SaaS services or integration with internal enterprise applications making it easier for the client to switch providers.

Again, a historical look at things point out that the lock-in issue first surfaced during the dotcom days and the ASP model. Any enterprise will require standard contractual terms, insurance backed indemnification clauses and standard business practices where they ensure sufficient controls before engaging with third parties. Enterprises that miscalculate or fail to instill strict controls may fail spectacularly and that will be their own fault rather than a Cloud-related issue.

In the final analysis, doing the due diligence and understanding the organization's application ecosystem would go a long way towards addressing issues in the Cloud.

venkatesh.ganesh@expressindia.com