virtualization and cloud computing - Orange Business Services

Currently, most of the software we use is installed on our computers, and our files (photos, videos, documents, etc.) are stored on hard drives. This is the case both at home and at work.
Some companies have already consolidated certain software programmes and data on centralised servers in an effort to increase efficiency and reduce costs. Going one step further, cloud computing centralises all software programmes and data using digital hosts for multiple customers through the Internet. This technology has several repercussions:

• All software that we currently purchase, install, and update will be accessible online, from any device connected to the Internet (PC, laptop, telephone, PDA, etc.) at any time.
• Our personal data will be remotely stored and accessible at any time, with no risk of loss or pirating.
• Companies can reduce the number of servers they need, while remotely accessing some applications that previously had to be stored on site.

It's been said over and over again that there's no difference between the administration of a physical server and a virtual machine - and this is true in an absolute sense. However, this might give us the idea that a virtualised datacentre is administered in the same way as a physical environment; thinking like this leads us to the first pitfall of virtualisation. Especially when dealing with large-scale virtualisation projects, we need to rethink network uses (workflows, operating procedures) and reposition IT professionals so that they can provide the best technical expertise in these new technologies.

Network uses
It's true that virtualisation facilitates the repeated use of the infrastructure. The most striking example is the ability to set up several virtual machines with only one template. In just a few minutes and only 5 mouse clicks, a new (virtual) server that's fully operational and in line with company standards can be set up.

Some of you may already be familiar with the Perl Purity Test: Are you a Perl geek, and if so, how much of a geek are you? The part of this test that struck me the most was the Perl's 'eval' function. It makes it possible to evaluate on the fly the part of Perl code that is not analysed when the code is compiled. This test asks the question: have you ever written self-modifying evals?  Not often, but yes! And then: have you ever nested an eval inside another eval? I have to admit that yes, on rare occasions, I have. And finally: Have you ever used more than five nested evals? There I had to admit, oh, no, I've never even thought of that! So why implement recursive evals? I still don't know why. But when I think of other situations, sometimes I wonder if there might be an advantage to putting an object within the same object, and so on -- a bit like Russian nested dolls. This concept struck me as viable, and even advantageous, when applied to virtual machines (VMs).  

With single server (ESX-type hypervisor, Hyper-V, Xen-Server, etc.) and application virtualisation (ThinApp, App-V, Jail, etc.), we are actually already putting VMs in physical machines, or application bubbles within system bubbles. Today, we're still at a stage with just one level of nesting (official version and software supported). This means that we're putting VMs in hypervisors, but not VMs in VMs, or VMs in VMs in VMs! 

Season 1- Episode 3 - Feedback

This 3rd instalment summarises an article published on macnn.com detailing Citrix System's feedback on its internal implementation of the BYOC concept.

Citrix System has also produced a 4-minute video  on the subject.

The following are key findings from the article:

• 40% of Citrix System employees purchased a Mac when given $2,100 towards a new computer for the company's Bring Your Own Computer to Work program.

• Of the 400 employees that participated in the program, 54% believed productivity increased while 17% of managers believed job satisfaction increased.

• Citrix Systems also reported 20% savings on IT costs per person. Although the workers were given a $2,100 contribution towards their new computer, many workers opted for a more expensive computer with better capabilities.

• The company utilised desktop virtualization to enable both Mac OS X and Windows as needed.'

The BYOC concept is thus a genuine alternative to costly workstation standardisation and adds real value to both the company and its employees.

Who's next?

Coming soon:  Season 2 - The type-1 hypervisor

Season 1, Episode 2 - The Missing link?

In the previous article, we looked at the factors that led to the emergence of the Bring Your Own Computer (BYOC) concept. In this instalment, we'll review how businesses can save money on BYOC workstations and the best way of implementing this within a company.

Season 1, Episode 1 - Two observations

Over the years, the IT world has undergone several profound paradigm shifts. The user workstation is expected to experience a transformation in the coming years. The BYOC concept (Season 1) is one step in changing our vision of the workstation. 

In this 3-part series, you'll learn how:

• the Bring Your Own Computer (BYOC) concept has come about,
  

• this concept fits into a cost-reduction strategy, and how it can be implemented as a solution,
  

• one company, Citrix System has deployed the concept internally.

- To this day, we don't know who actually invented the BYOC concept, but CITRIX System has effectively integrated it into is vision of the user workstation of tomorrow and has already experimented with it internally (see part 3).

The BYOC concept is the result of 2 factors:

'Generation Y' and new technology enthusiasts

An increasingly large percentage of users today are very much at ease with new technologies. The majority of these users are 'Generation Y', meaning that their childhood or teenage years coincided with the dawn of the PC era. Now adults, they seek out new technologies (mobile internet, MP3 players, social networks, blogs, time shifting, etc.), and expect these to meet high standards. In the workplace, this group views - and rightly so - the standardisation of workstations as a constraint that slows down their productivity. Indeed, standardised PCs do not necessarily offer the best performance (memory, CPU, graphics card, hard drive, etc.) since users cannot install their own applications, or synchronise their personal and professional agendas. These users have new standards for office comfort: they don't want to have two mobile phones anymore, or two computers that offer the same services. They want their company's IT tools to adapt to user needs, and not vice-versa.  

'Companies have to ask themselves as early on as possible what positions and jobs are essential to their operations. For positions, they have to verify that there are others that can assume these functions, and plan while they still can to implement a system for working away from the office, like telecommuting.'[s1]

In most large companies, emergency response and monitoring units have been created. They deal with 2 main types of situations:
1. A major crisis at Phase 6 (a freeze on public transportation, prohibitions against large gatherings, etc.) with only 30% of employees available for ensuring continued business operations
2. A near crisis, not yet at Phase 6, with 30% of the working population active for the first 6 weeks and 60% over the following 6 weeks

Bear in mind:
1. The working population plays a major role in a pandemic crisis situation. It is the driving force, the weak link, but also the countermeasure.
2. The main factors that increase employee absenteeism are distance between home and the workplace, the presence in the home of children under the age of 12, and a partner or spouse who also works.
3. Public transportation is also at the heart of the issue since it is an economic necessity, and can be a catalyst for the spread of disease.

Since 1 June 2009, the H1N1 flu has been classified as a pandemic. Is it an imminent threat or just a smoke screen? What's the real story?

A flu pandemic is an epidemic that affects an exceptionally significant segment of the population and is present over a large geographic area. It is characterized by the appearance of a new virus that the population has little or no immunity to, in comparison to traditional winter flu strains.

Even if the H1N1 virus is just a nasty flu right now, and is nothing like the H5N1 avian influenza virus, which is extremely dangerous and even fatal for humans, it is nonetheless still highly contagious.

This is a good question which goes on to ask in which cases is it right to virtualise Citrix?.
Even if in principle nothing stops you from Virtualising Citrix servers, there are in fact several "best practice" guidelines you should adhere to.

• Let's start with the easiest: yes you can virtualise your Citrix servers

The example we shall give represents the vast majority of Citrix infrastructures installed in companies.

If you have 2 dual core servers for example each hosting 50 users and the users are satisfied with the quality of service, i.e. there are no abnormal behaviours (extremely slow network, blocking of ICA screens, or server CPU running at 100% capacity) then you can virtualise them.

A group has been created with the intention of promoting trust and developing a code-of-conduct to standardise and certify enterprise cloud computing services, under the banner Cloud Industry Forum. It has been established by the Federation Against Software Theft (FAST) and Investors in Software (IiS).

Undoubtedly, cloud computing is one of the hot topics of the moment -- IDC forecasts a five-year annual growth rate of 26%, more than six times that of traditional IT offerings -- but the concept is complex and open to multiple interpretations, with a previously compiled "just right" definition running to three sentences. While enterprises can clearly see the benefits, the lack of commonly accepted standards and certification may well deter more cautious IT managers from fully embracing the nascent technology until it has become more established.

An inaugural Cloud Industry Forum roundtable has already taken place, "to bring together key industry figures to discuss the issues and challenges that surround the development of a Code of Conduct to offer certification for providers". It was said that the consensus opinion is that "organisations need clarity around what the services providers do or don't offer", and that "put simply, organisations seeking to use these services need a straightforward form of certification or 'Code of Conduct' for potential suppliers that will accurately define the services offered and standards of operation and security".

At least part of the challenge faced by the Forum is the diversity of the enabling technologies, products, and services offered under the "cloud computing" banner. With a number of suppliers approaching the cloud from different starting points, it is difficult for enterprises to compare like-with-like, with such benchmarking a vital element of the procurement process.

It was also noted that businesses are aware of the "unknown financial, security or resilience risks" associated with trusting third-parties with mission-critical computing roles.

Cloud industry association created
The Cloud Industry Forum is not the only industry alliance recently established in the cloud computing market, with EuroCloud created during October 2009, although while the former is focused on creating standards and certifications for enterprise services, the latter is focused on growing a cloud ecosystem within the industry.

EuroCloud has grown out of the French ASP Forum, and local groups have already been created in Belgium, Denmark, France, Luxembourg, Spain and the UK. Its intention is to create 20 regional organisations with 500 members by 2014. The aim of the alliance is "to boost cloud development across Europe, while becoming the European platform for business exchange with other continents".

I had the chance to attend the EuroCIO's annual conference in the last week of November.

More than 120 Chief Information Officers and other senior IT Executives gathered to share experiences and work jointly on issues they face in their jobs. I must admit that, at first, some of the topics discussed came as a surprise to me.

There are really three topics I retain from this couple of busy days:
1. Cloud computing and virtualization are not a fad
2. IT talent shortage is upon us in Europe
3. The financial crisis has positive effects on IT

Let's explore these topics if further details...

Cloud computing and virtualization are not a fad

They represent a durable trend that both large and smaller companies have started to use or are planning to invest into.

Virtualization and sharing of IT resources is happening at several levels in parallel: In the data center with shared computers and storage; at the applications level with "Software As A Service" (SAAS) or "Pay as you go" approaches; and also on the desktop to reduce its Total Cost of Ownership....

A new report from Diamond Management & Technology Consultants called for enterprises to undertake an objective assessment of cloud computing "free of vendor hype", in order to weigh up the benefits, challenges and their readiness for a shift in operating model. As businesses begin embracing the processes and financial models that accompany the practical realities of introducing a new set of technologies, Diamond said that it is important to consider the "net" value achieved, and not just the "gross" savings trumpeted.

It was noted that "hidden cloud expenses can really alter a company's outlook". While expenditure related to people, processes and architectures is not new to IT professionals, the challenge in the cloud world is uncovering these expenses under the new regime, and determining accountability for each. Among the areas where additional charges may be incurred are purchasing, finance, security, compliance and legal charges, and architecture and integration enhancements.

In order to assess the potential for these hidden costs, buyers need to look at the viable paths to move (or replace) legacy applications in the cloud; the architectural changes required to integrate cloud and non-cloud applications; how technology and operational processes should be changed to take advantage of different procurement, provisioning and management models; the potential flexibility and cost trade-offs between public and private clouds; and the other, complimentary cloud services which may be available.

Diamond also anticipates that companies will travel toward the cloud in two directions. For companies with high business and technology demands, many of which will also have to meet mandated regulatory and security requirements, the current hosting model will become a hybrid incorporating elements of the private cloud. In this case, some may selectively adopt public cloud services for certain tasks (for example CRM), but in the main public clouds will not meet their needs. For small-to-mid sized companies in less regulated industries, current hosting models will be augmented or replaced by the public cloud, which can meet their less stringent demands.

The report, The Future is Partly Cloudy, can be downloaded here.

The European Network and Information Security Agency (ENISA) turned its focus to cloud computing, and in particular how businesses can reap the benefits without putting themselves at risk. It has published a report titled "Cloud Computing: Benefits, risks and recommendations for information security".

The paper examines the technical, policy and legal implications of cloud computing and makes "concrete recommendations" on how to address the risks while maximising the benefits for end users. It describes the cloud as "both a friend and a foe" from a security point of view, noting that while the massive concentrations of resources and data present an attractive target for attackers, the flipside is that cloud-based defences can be more robust, scalable and cost-effective.

Key risks identified included loss of governance, because customers need to cede control of a number of issues that may affect security to the cloud provider; lock-in, introducing dependence on a cloud provider if customers are unable to easily migrate their data elsewhere; compliance risks, if a cloud partner is unable to provide evidence that necessary standards are being met; and data protection, with the customer, as data controller, needing to be able to ensure that data handling takes place in line with required practices.

ENISA suggested that with security being such a concern for potential cloud computing customers, there is a strong driver for cloud providers to improve their performance in this area -- and therefore make security a product differentiator, alongside price and technical capabilities. But it was also noted that while some risk can be handed-over to the cloud provider, "you can outsource responsibility, but you can't outsource accountability".

The body said the most important aspect of its recommendations is its Information Assurance Framework, which is detailed here. This is designed to enable IT execs to assess the risk of adopting cloud services, compare different cloud service providers, obtain assurances from cloud providers, and reduce the assurance burden on potential partners.

ENISA is a European Union agency intended to be "a centre of excellence for the European Member States and European institutions in network and information security". Its full cloud computing report can be downloaded here. Also available are the results of a survey into SME attitudes to cloud computing.

Is "cloud" really going to take off, or is it another apple on the tree of hype, waiting for autumn? So many IT phenomena have been trumpeted to the skies, only to disappear quietly a year or so later.

I'm in no doubt. I think it will really take over, becoming the dominant way of accessing and using IT services and applications. And it's not to do with technology, or vendors.

It's to do with may daughter (aged 11)........

One of the big issues for IT strategists planning for 2012 and beyond will be the impact of newer regulations such as the EU Code of Conduct for Data Centres  aimed at improving power efficiency and reducing emissions.