We created this infographic for Orange Business Services because there is so much confusion around the term Cloud computing: to some people its apps, to others its servers, to others it just means “on demand”.

The truth is that is all these things and more.

The boffins in Orange Labs see a multitude of Clouds emerging so we want to show this vision, but also trace it’s history.  Cloud computing is not a revolution as such as you can trace emergence back to the first days of the internet. It’s really a story about how IT has evolved.

It was first published on the Orange Business Live blog here and there is a really cool version on Slideshare here. It interesting to compare the two formats.

Thanks to the designers who worked on the different formats, Rose Zgodzinski and Mark Jaeckel.

Why has performance management become such a key issue in cloud computing? Well it’s simple: there is little point in moving to a cloud solution if end users can no longer use their business-critical applications effectively. We spoke to Orange Business Services expert Jean Critcher to find out about the four key issues you need to address when looking at application performance in the cloud.

1. build application performance into the business case

An assessment of application performance needs to happen at the very outset when you are building a business case for cloud computing. Application performance is a key factor in helping you choose what applications to move to the cloud. For example, if your main criteria for cloud adoption is costs savings, then any performance issues that slow your business processes or damage productivity could virtually eliminate any savings made.

2. determine how to judge success

To be able to effectively judge application performance you need to identify your key performance indicators (KPIs). These will also need to reflect the impact of different deployment approaches, such as public or private cloud. As a guide, a survey carried out by Orange in application performance KPIs found that application response time is the most common (93%), followed by availability (72%), transaction response time (68%), latency, jitter, packet loss (68%) and server response time (66%).
Monitoring KPIs should be an ongoing activity – even once the application has been deployed in the cloud – because they give you valuable information on how your applications are reacting to changing business and technical conditions, such as the impact on availability caused by a wider rollout, for example.

3. set your service level agreements

Your KPIs should also play a part in forming the service level agreements (SLAs) that you have with your service provider. Our survey found that application-oriented SLAs came in first place (69%), followed by managed network services (56%) and business service or systems management SLAs (27%).

The approach your service provider is taking to application deployment can have a big impact on how your applications will perform. Even the way the application is virtualized can make a big difference – by virtue of how customers are partitioned in the shared infrastructure. Because resources are not unlimited, the actions of another customer could have an impact on your own application’s performance. This should be reflected in your SLAs.

4. don’t do it all at once

Application performance in the cloud can suffer if you try to do too much at once. You need to take a phased approach to cloud computing, so that you can see how well your cloud application performs and work out the implications to your contingency plans and what it means to your business continuity planning (BCP). Once your application has been tested and is stabilized in a live environment, then you can look to add new applications to the cloud. Governance is a key part of this exercise. It gives you a framework for how applications are distributed, replaced and upgraded to prevent any changes having an impact on performance and availability.

This article appeared first in Cloud Computing Insight, it also appears on the Orange Business Live! blog.

Cloud computing aims to bring new flexibility to enterprise IT: the idea of virtualizing computing resources removing them from physical hardware opens up many possibilities, not just in terms of cost cutting, but also in security and availability.

Security, availability, and integrity are all essential for enterprise IT and cloud computing promises to help businesses have access to data and applications at all times. Instead of thinking about business continuity in terms of disaster recovery, where the focus in on how quickly enterprises can restore operations, cloud computing could make the traditional concept of backups and recovery obsolete. Instead, the idea of totally-resilient operations becomes much more feasible, in which cloud-based resources are constantly replicated between sites to protect applications and data in the event of a physical incident.

“We used to focus on internal data centre redundancy. Now we’re seeing it as remote redundancy. So this idea of instantaneous remote backup is gaining traction,” explains Al Berman, executive director at DRI International, which trains professionals in business continuity. “I just came back from a meeting at the White House, and all they wanted to talk about was cloud computing and why no-one was talking about it. I said, ‘in the private sector, we’re not talking about it – we’re just doing it’.”

Mitigating risks

However, while enterprises embrace cloud computing’s ability to protect business operations, they should not enter into cloud computing relationships without first assessing and mitigating risks. Enterprises need to assess the security issues associated with virtualizing one’s data so that it becomes independent of a physical computing platform. Where is the data is to be kept? Who will have access to it? What access controls are in place to prevent the wrong people seeing it? And what technical measures are in place to prevent it being misappropriated?

“Cloud computing can be risky, which is why we are seeing the emergence of trusted intermediaries,” explains Alexandre Rigaldo, cloud computing program director at Orange Business Services. He identifies several broad risks that customers should consider when engaging in cloud computing relationships. “We are talking about a shared infrastructure, so that we have data from different people shared on the same physical machines. Also, you don’t know where your data is located, and this can be an issue in specific sectors.”

This emphasis on location stretches beyond where the data is stored into the area of accreditation. Certifications used by cloud computing providers may differ between one region and another, and what is acceptable from a regulatory perspective in one region may not be acceptable in another, he warns.

Finally, the data may be at risk if the communication mechanisms used to get it into the cloud and out again are not secure. Using the public Internet to communicate that data without encrypting it, for example, could incur regulatory risk.

“To mitigate this risk is not rocket science. The goal is to apply some basic IT security principles, and not believe in Santa Claus,” Rigaldo says. “Cloud computing doesn’t solve all of your issues. You have to be as careful when you buy cloud computing services as with traditional IT.”

One crucial step is to look at the life cycle of your information, says Rigaldo. Defining the sensitivity of specific types of data, based on the business processes that it serves, and the legal liability that it incurs, is vital when it comes to understanding how to deal with it.

Different approaches to the cloud

How an enterprise tackles these tasks will depend partly on the type of cloud computing model it is employing. Cloud computing models can be split in different ways. For example, platform as a service differs from software as a service, which is in turn a separate proposition to infrastructure as a service. All of these carry different risks in varying proportions.

It is also possible to slice the model along organizational lines. Some may prefer private clouds, where individual companies host their own data, while others may prefer a publicly available cloud service in which everything is hosted by a third party and runs from a shared platform. Alternatively, it’s possible to combine the two with a hybrid model that allows enterprises to retain some control, while still taking advantage of the economies of scale of the shared platform. All of these choices will have a bearing on the risk analysis process.

With such a bewildering array of options, how can an enterprise begin to make sense of it all?

Different organizations have published their approaches to securing cloud computing. The European Network and Information Security Agency (ENISA) recently published an information assurance framework as part of a broader report entitled “Cloud Computing: benefits, risks, and recommendations for information Security”. This framework is designed to help customers understand which questions to ask potential cloud suppliers.

The Cloud Security Alliance (CSA) also published its “Security Guidance For Critical Areas of Focus in Cloud Computing” in December, which discusses different cloud architectures and assesses how each of them can be best managed in the context of information lifecycle management, data portability, and application security. Governance featured heavily in the document, which laid out each party’s roles and responsibilities in areas such as lawfulness of content and incident response.

As enterprise IT moves firmly in the direction of a more virtualized world, in which logical resources are shunted between sites for maximum efficiency, guidelines such as these will be vital for enterprises looking to tackle the process of due diligence with service providers, or attempting to automate cloud processes within their own, private networks. In spite of the name, cloud computing should be about transparency and enterprises need to stress accountability and openness in all of their service relationships.

This article first appeared in the email newsletter we help produce for Orange Business Services called Enterprise Briefing: http://www.orange-business.com/en/mnc2/footer/news/enterprise_briefing/feb2010/technology.jsp

In addition to writing text at Futurity Media, we’re also doing video and audio. This is an example of a recent podcast that we did with Orange Business Services in Herndon Virginia. We were talking to Current Analysis analyst Amy Larsen DeCarlo about cloud computing from an enterprise viewpoint. Where is the technology heading? What applications are suited to it? How are early adopters using it?

Cloud computing is a staggeringly popular topic. Huge swathes of the work we did in 2009 related to cloud computing services and the trend looks set to continue into next year. Just about all parts of the information communications technology (ICT) industry are positioning themselves to take advantage of the predicted stratospheric growth. Although all hyped technologies will get their comeuppance at some point, cloud computing is unlikely to make much headway in enterprises if it they are worried about security.

Enterprise concerns over security are perfectly understandable: as a shared medium, how can they be sure that their data isn’t leaking into their competitors environment, and in fact are they even able to tell were their data is even stored. The latter issue can have a major regulatory impact in a number of areas, such as PCI-DSS compliance. Hackers are already reportedly rubbing their hands with glee at the prospect of hacking cloud computing environments. At the recent Black Hat conference, speakers demonstrated how to attack the cloud and a Trojan keylogger was reportedly found on Amazon’s AWS site only this week.

Given the importance of security to cloud computing’s success there’s little surprise that the industry is making solving the issue a priority. Here are some interesting resources & articles:

• The European Network and Information Security Agency has published a report on the risks of cloud computing;
• The Jericho Forum famous for its work on deperimeterisation published a white paper on cloud computing security earlier this year;
• In June, Jericho Forum and the Cloud Security Alliance joined up to address security. I was expecting to see a result on this collaboration in the autumn, but I haven’t seen anything yet;
• Ariel Silverstone suggests some metrics for measuring the security of your cloud computing providers;
• ISACA has published a white paper that looks at some of the security issues;
• The CSA and Novell are running an interesting looking webinar on Cloud security next week.

Data center operators, and those that use them, are under increasing pressure to go green. Demand for data center capacity is being driven up by a number of factors that make driving efficiency through green principles a complex process.

But, the introduction of new emissions laws, such as the UK Carbon Reduction Commitment (CRC) Energy Efficiency Scheme makes the greening of the data center inevitable. The CRC has been causing great concern for data center professionals, who also need to save money on energy bills – as higher energy use may have tax levy implications, strengthen their green credentials to customers or reinforce a corporate social responsibility stance on climate change.

The European Union Emission Trading Scheme, and the US cap and trade carbon emissions schemes show that the greening of the data center is fast becoming a global concern.

In the meantime, demand for data center capacity remains locked into a continual growth curve, driven by a lack of consolidation of major users,such as Microsoft and Yahoo, the advent of services such as Software as a Service (SaaS) and cloud computing, and the lack of power availability to key strategic locations such as London’s Docklands. These issues are in turn driving demand for ever more supply, heading towards a period where the gloomy predictions of analysts some years agoabout data centers running out of power no longer look unrealistic.

This is particularly the case where technical advances such as smaller hardware footprints, blade servers and high-speed processing density coupled with a greater need for storage capacity are quite literally sucking the life out of the power grid. As power consumption increases, so does the need to dissipate the heat generated by processing, which increases air conditioning costs – which also require their own power supply to deliver benefits. It’s easy to see how power, heat and cost are closely related and could easily spiral out of control.

Fortunately, data center practitioners can adopt a practical pathway to greening their data center or checking out the green credentials of their supplier, if they bear in mind several golden rules.

To read the rest of our guide to greening your data center, go to Orange Business Live: http://blogs.orange-business.com/live/2009/11/top-tips-for-greening-your-data-center.html