Looking back - Cloud's biggest victory in 2010

Well, the year is coming to an end, and the question was bound to come up on ebizQ's Cloud Computing forum.

So, what was the biggest thing to happen to the cloud in 2010?


Indeed, 2010 was indisputably a big year for the cloud. However, if I had to pick one event as cloud's biggest victory in 2010, it would have to be the adoption of a cloud-first policy by the U.S. Office of Management and Budget Agencies (OMB) that requires Federal Agencies to consider cloud as their first choice while proposing new IT programs as part of the 2012 budget process. This open willingness to adopt cloud by the U.S Federal Government is a really big deal for the cloud especially when you consider that the Federal Government has spent over $600 billion on IT related inverstments over the past decade and has a current annual budget of close to $80 billion.


* Originally posted on the ebizQ Cloud Computing forum on December 21, 2010.

SOA... is the answer as simple as "outsourcing it"?

Today's discussion on the ever-lively ebizQ SOA forum was inspired by the article Why I Outsourced Application Development to China on CIO.com, which gives some lessons learned on IT outsourcing specifically related to SOA.

Hence the question on the forum: Does it make sense to outsource your SOA?

I think the following paragraph from the article is key to understanding the context of the question:

"...Tactically, Lee wanted to replace Interval's core applications and move to a service-oriented architecture (SOA). Strategically, she wanted to create an agile IT organization better able to respond to changes in the business. Outsourcing new application development to an offshore provider with experience in SOA and agile development would enable a quicker—and cheaper—transformation on both fronts..."

Two noteworthy points include:

1. SOA was seen as a tactic for realizing the agile IT strategy.
2. Only new applications were being considered for SOA.

So, while the approach Lee took might have achieved her vision, I have fundamental disagreements with both points above.

First, SOA is not a tactic but a long-term strategy for achieving an agile IT organization. In fact, most of the so called "failures" can ultimately be traced to a near-sighted, short-term approach to SOA.

Second, limiting SOA to only new applications and their development misses a primary benefit of SOA - the benefit of breaking down the highly fortified silos of functionality to create a more transparent, open, and collaborative IT environment.

So, in conclusion, while outsourcing application development definitely makes sense, outsourcing "SOA", in my view of the world, does not.

* Originally posted in the ebizQ SOA forum on December 15, 2010.

Finally... I can CLAIM my CISM

What right now seems like ages ago, back in March, I started studying for my CISM (Certified Information Security Manager) certification.

I took the CISM exam on June 12th, waited for a gruelling 61 days to find out on August 13th that I had PASSED.

I then applied for my CISM credential on September 3rd and today finally after 90 days I just received notification that I have been granted the credential.

Amazingly, I spent 5 months just waiting! That's more time than I spent preparing for the exam!

So, the entire process form beginning to end... 9 months. Doesn't something else take nine months as well?

Hmmmmmm...

The Service Orientation Conundrum

Today's question on the ebizQ SOA forum was inspired from Joe McKendrick's ZDnet blog posting where he refers to the classic SOA conundrum: Does good service-oriented architecture result from having a “service-oriented” focus and organization, or does SOA help lead to a more service-oriented organization?


We've all heard about questions that have no answer. To me this is an example of just the opposite - a question that answers itself!

The simple fact is that you need both - the service oriented organization (culture) and the service oriented architecture (technology); neither one is the master; and they form an iterative, virtuous circle.

So, which came first, the chicken or the egg?


* Originally posted in the ebizQ SOA Forum on December 1, 2010.

Virtualization, Bundling, and Browser Wars?

What do "Virtualization, Bundling, and Browser Wars" have in common. Well, an hour ago I would have probably said "What???!!!"

I feel a bit differently now.

The question on ebizQ's Cloud Computing forum today was about how private clouds is impacting the virtualization strategies of companies and referred to a blog posting by Mike Vizard.
Mike brings up a few very interesting points. However, what really grabbed my attention was the following statement:

"... Canonical this week partnered with Convirture to add an open source virtualization management platform to its Ubuntu distribution of Linux."

Now that is interesting. Imagine every operating system/platform with its own virtualization capability. Wait, it's already happening! Furthermore, the built in virtualization is optimized for the platform and vice versa.

Pretty cool, or is it?

Now think back to the time when Microsoft bundled its browser, IE, with its Windows Operating System.

If you can't recall, here's a refresher:

"United States v. Microsoft was a set of consolidated civil actions filed against Microsoft Corporation pursuant to the Sherman Antitrust Act on May 18, 1998 by the United States Department of Justice (DOJ) and 20 U.S. states who alleged that Microsoft abused monopoly power. The issue central to the case was whether Microsoft was allowed to bundle its flagship Internet Explorer (IE) web browser software with its Microsoft Windows operating system. Bundling them together is alleged to have been responsible for Microsoft's victory in the browser wars as every Windows user had a copy of Internet Explorer. It was further alleged that this unfairly restricted the market for competing web browsers (such as Netscape Navigator or Opera)..."

Funny how history has a way of repeating itself. Let's just hope that in this case it stops repeating itself at the "bundling" part and not at the "billions of dollars spent in legal fees" part!

* Originally posted on the ebizQ Cloud Computing forum on November 4, 2010.

My Podcast - The Battle for the Clouds.

Listen to my latest podcast The battle for the clouds is on: Tarak Modi explains.

Feel free to send comments. I look forward to your feedback and suggestions for future podcasts.

AFCEA Cloud Conference - Here's what you missed!

I attended the AFCEA Cloud Conference yesterday held at the Johns Hopkins Kossiakoff Center in Laurel MD. The sessions in the conference were organized as interactive town hall style discussions in three topic areas:

1. Cloud Security Policy and Guidance
2. Cloud Security Architecture and Technology
3. Secure Cloud Operations

I targeted the policy and guidance sessions. Here are just a few of the golden nuggets that I have distilled:  

• Information used to support the mission; now it is the mission.
• We have the same problems as did before; the difference is we dont have the luxury of time anymore.
• Everything is assymetric.
• Global interconnectivity makes Private Clouds an oxymoron.
• Build sidewalks where people walk; create cloud policy that facilitates the way users use the cloud.
• Warfighters are inherently agile; cloud policy needs to be such as well.
• It’s about Mission Engineering not just Systems Engineering
• Do we need new policy or a new policy making process?

SOA - The Second Coming?

According to a recent post in InfoQ "Nearly two years after proclaiming that SOA was dead, the Burton group has changed their mind and now writes that SOA is set for a comeback."


So, it is no surprise, that ebizQ, picked up on this and posed the question on their SOA forum "What reason do you give for the initial failure of SOA?"


Well, the question as posed has a BIG assumption built into it - that SOA had failed!

ebizQ readers were quick to pounce upon the assumption. The general consensus was the SOA itself had never really failed.

I agree.

SOA, the architecture, had never failed; rather it was the implementation and execution that never measured up to expectations. Conversly, we might have a better chance of success with SOA in its so called "second coming" since

1. The hype has been tempered down considerably with a healthy dose of reality, 
2. The technology has matured significantly to support a service architecture (think Clouds, Virtualization, ESBs, etc.), and 
3. We, as an IT Community, have matured significantly.

* Originally posted on the ebizQ SOA Forum on November 17, 2010.

SOA - I Wish, I Wish With All My Might...

Today's question on the ebizQ forum was "What Improvements Would You Like to See With SOA?".

Once upon a time...
 
On a more serious note though, we read a lot about the convergence of SOA and Cloud Computing. There's an excellent book on the topic by David Linthicum and even I have written an article on the topic titled The Cloud SOA Ecosystem published on ebizQ in October 2009.
 
So, the one improvement I yearn for is the cementing and formalization of the relation between Cloud Computing and SOA. Today, cloud computing has three main delivery models: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS).
 
I propose including a fourth model called Information-as-a-Service.

Information-as-a-Service is the delivery model that formalizes the relation between SOA and Cloud Computing. It is a delivery model that is enabled by SOA at its core just as Virtualization is a key underpinning of IaaS. In other words, SOA is to Information-as-a-Service what Virtualization is to Infrastructure-as-a-Service. Put yet another way, Cloud Computing is the overall enterprise architecture pattern; SOA is the architectural pattern that enables one model of the overall Cloud: Information-as-a-Service.

* Originally posted on the ebizQ Cloud Computing forum on November 4, 2010.

Big Oil, Big Tobacco, and Big Cloud???

Have you ever wondered if the future of our "IT spending" is in danger of being controlled by a few super Cloud Computing giants?

Is the "OPEC" of Cloud Computing just around the corner?

If these are questions that make you pause and think then I highly recommend reading David Linthicum's article titled The danger of the coming 'big cloud' monopolies for an interesting perspective of just how possible the above scenario is and what the implications might be if such a thing did occur.

Make a Wish - Improvements to Cloud Computing

The "question de jour" on on ebizQ's Cloud Computing forum was "What Improvements Would You Like to See With Cloud Computing?". Answers varied from "portability" to "security" to "standardization" to "privacy".


Yes, I agree, all of the above are challenges with Cloud Computing today. However, I am going to make a different wish...

Honesty

Truly, everything is not a cloud. We've seen this with SOA where everyone wanted a piece of the SOA action, so vendors started putting "XML interfaces" on their "objects" and renamed them "services". All of a sudden, SOA "did not perform" became a widespread belief. Let's not repeat that story with clouds. Virtualization is not Cloud Computing. Hosting a software application remotely such that "everyone can access it" is not Cloud Computing.

Can we be honest for a change?

* Originally posted on the ebizQ Cloud Computing forum on October 26, 2010.

The Business Case for SOA... in ONE sentence

EbizQ editor, Peter Schooff, asked the question "In One Sentence, How Would You Make the Business Case for SOA Right Now?" on the ebizQ SOA forum today.

So, here's my take:

Do it or risk becoming irrelevant - it's no longer a competitive advantage; it's the cost of doing business.

 * Originally posted on the ebizQ SOA Forum on October 21, 2010.

Are SOA and Enterprise Architecture Now the Same Thing?

ebizQ editor, Peter Schooff, started an excellent discussion today on the ebizQ SOA forum today asking the question as to whether SOA and EA have converged into the "same thing". The question was inspired from David Linthicum's blog, Do SOA and enterprise architecture now mean the same thing?' Yes, they do.

So, where do I stand in this heated debate?

I cannot answer the question definitively. However, my hypothesis is that if they are the same thing then you should be able to map ANY accepted EA Framework such as TOGAF with the elements of SOA.

So for example, continuing with TOGAF, which defines EA as the aggregation of four different architectures, namely:

1. A Business Architecture that defines the business strategy, governance, organization, and key business processes.
2. A Data Architecture that describes the structure of an organization's logical and physical data assets and data management resources. Data architecture does not include the design of the actual physical data stores (or database).
3. An Applications Architecture that provides the blueprint for the individual application systems to be deployed, their interactions, and their relationships to the core business processes of the organization. The application architecture in TOGAF is not concerned with the actual software applications but rather limits the term application to a logical grouping of functionality.
4. A Technology Architecture that describes the logical software and hardware capabilities that are required to support the deployment of business, data, and application services. This includes IT infrastructure, middleware, networks, communications, processing, standards, etc.

So, does SOA map to each of these four architecture subsets of TOGAF? The bottom line is: Making an assertion is one thing; proving your assertion with a fact-based mapping is the proverbial "the proof is in the pudding."

* Originally posted in the ebizQ SOA forum on September 30, 2010.

My Podcast - Privacy in the Public Cloud

My latest podcast on Privacy in the Public Cloud is now available.

Click on the thumbnail below for an intuitive, clickable image that summarizes the gist of the entire podcast.




Feel free to send comments. I look forward to your feedback and suggestions for future podcasts.

Hot off the Press: FISMA 2010 - What it Means for IT Security Professionals

Finally, an article I first wrote over ONE year ago, back in August 2009, just got published and is out on the streets in Volume 5 of the highly prestigious ISACA Journal. ISACA is the organization that administers and confers the highly sought CISA, CISM, CGEIT, and CRISC certifications.

Unfortunately, you have to be a subscriber of the ISACA Journal to view the complete article. For those of you who are not currently members of the ISACA, here is a teaser as incentive for you to join! :)

FISMA 2010 - What it Means for IT Security Professionals

New threats related to cybersecurity are causing a shift in focus from compliance to risk-based protection, resulting in new requirements for system security and contingency plans, a greater push for continuous monitoring, and a stronger emphasis on configuration management and incident response.

Are you ready?

The US Federal Information Security Management Act (FISMA), originally enacted in 2002 and currently undergoing considerable revision, establishes clear criteria to improve US federal agencies’ cybersecurity programs. But, even as federal agencies struggle to implement
their existing information security programs, cybersecurity breaches have become increasingly common, with a 200 percent hike in such breaches over the past three years, according to numbers from a recently released Government Accountability Office (GAO) report in which the number of cybersecurity breach-related incidents reported by US federal agencies has risen from 5,503 in fiscal year 2006 to 16,843 in 2008.

This article looks at how FISMA and its family of key National Institute of Standards and Technology (NIST) Special Publications (SPs) are changing to meet the challenges posed by increasingly elusive hackers who are using better and more sophisticated tools and techniques to attack increasingly lucrative targets. Complacency is definitely not an option. The only option is to stay one step ahead of the game.

Want to read more? It'a all in Volume 5 of the ISACA Journal... so join now! :)

Mainstream Adoption of Cloud Computing - Decades Away?

On August 23, 2010, Brian Stevens, Chief Technology Officer (CTO) of Red Hat Inc., mentioned that the "evolution" of Cloud Computing was still "decades" away from where we would see the kind of maturation necessary to sway the big business to the cloud.

As one would expect, it was only a matter of time until ebizQ editor Peter Schooff picked this story up and asked the question on the Cloud Computing forum.

Make no mistake Cloud Computing is already here just as much as Open Source (for example, Red Hat Linux) is already here. Asking the question whether Cloud Computing will ever be mature enough where every big business is comfortable using a Public Cloud is similar to asking whether Open Source will ever be mature enough where no business will ever use any commercial software.

Is Cloud Computing only limited to Public Clouds? Even the most widely accepted definition of Cloud Computing from NIST identifies three other deployment models for Clouds - Private, Hybrid, and Community Clouds. With that in mind, isn't it ridiculous to claim that the adoption of Clouds is decades away? There are already so many well-documented examples of businesses (and government agencies) successfully adopting Cloud Computing.

* Originally posted on the ebizQ Cloud Computing Forum on September 7, 2010.

My Podcast - How the Cloud is Transforming the Department of Defense

Listen to my latest podcast How the Cloud is Transforming the Department of Defense: Talking with Tarak Modi.

Feel free to send comments. I look forward to your feedback and suggestions for future podcasts.

Cloud Computing - Not a Substitute for Proper Planning

"How Should Companies Prepare for When the Cloud Goes Down?" was the topic of discussion on ebizQ's Cloud Computing forum today. As this SearchCIO article, Time to lay down the cloud computing law for uptime, points out, it's when -- not if -- the cloud goes down. So how should you prepare for the inevitably of the cloud going down?

I agree... with the following clarification:

The technology might be new but the problem is NOT.

Business Continuity and Disaster Recovery (BC/DR) have always been risk management considerations... they were considerations before clouds, are still consdierations with clouds, and will remain considerations even after clouds.

Wikipedia defines DR as "the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster."

DR is a subset of business continuity as BC involves planning for keeping all aspects of a business functioning in the midst of disruptive events, while DR focuses on the IT or technology systems that support business functions.

So, in short, Clouds DO NOT eliminate the need for proper BC/DR planning and testing. Don't make the mistake of confusing or blurring the lines between a technology (cloud) and legitimate business issues (survival and profitability).

* Originally posted on the ebizQ Cloud Computing Forum in August 2010.

CISM Results are in... and I PASSED

After waiting for 61 grueling days, I finally received the results for the CISM exam I took on June 12, 2010.

All that matters now is that I PASSED! :)

I feel even better because I have accomplished what I had mentioned in my post on January 29, 2010 where I had shared the news of my passing the CISA exam.

No more resolutions though for I'm all exam'ed out... for now!

It's a bird, it's a plane.... no, it's a CLOUD

Will Cloud Computing save the day or rather the economy was the question that recently came up on the ebizQ Cloud Computing forum.

As I understand it the primary reasons behind our current economic conditions are:

1. The burst of the housing bubble.
2. Questionable ethical practices of lenders with rampant subprime loans coupled with Mortgage Backed Securities and Collateralized debt objects of such loans.
3. Fiscal irresponsibility of borrowers.

Can anyone say "Cloud Computing" to the above?

I certainly CAN NOT. :)

Well, Cloud Computing fans need not despair for even Superman is powerless in front of Kryptonite!

* Originally posted on the ebizQ Cloud Computing Forum in July 2010.

My Podcast - What the Government Has Learned From Cloud Computing: Talking with Tarak Modi

Listen to my latest podcast What the Government Has Learned From Cloud Computing: Talking with Tarak Modi.

Feel free to send comments. I look forward to your feedback and suggestions for future podcasts

Enterprise Architecture - What's in a name?

"What is the Key to Effective Enterprise Architecture?", asks Peter Schooff, an editor at ebizQ. His question comes in conjunction with an article on the CIO Dashboard titled "16 Enterprise Architecture Strategies Learned the Hard Way" as well as Adrian Grigoriu's entry in his blog "Enterprise Architecture Matters".

The question generated quite a bit of interest on the forum. Answers varied from the keys being executive sponsorship to defining what "enterprise" means to convincing the "non technical guys" the value of EA.

All valid points.

So, what's my take on this?

The key to success - Don't call it Enterprise Architecture!

Seriously, the term "Enterprise Architecture" has become so overloaded, over used, and convoluted that I have actually been in places where the term EA was banned from usage and using the term resulted in instant loss of credibility!

* Originally posted on the ebizQ SOA Forum on July 15, 2010

Selecting a Cloud - It's More than Just Technology

Check out my accompanying write-up to my recent article titled "Making Sure You Really Are Walking on Cloud Nine", which was published in the June 2010 issue of the ISACA Journal.

Selecting a Cloud - It's More than Just Technology

Is Cloud a Natural Fit For the Government?

Peter Schooff, ebizQ editor, raised this question on the ebizQ Cloud Computing forum today.

Obviously, given my recent area of research, I think this is an excellent question and to my delight it has been matched with an equally thought-provoking discussion on the forum thus far!

For those of you who have been following me, you'll agree that I've covered a great deal on this very topic in my first and third podcasts on Cloud Computing within the Federal Government (was this a shameless plug?)

I agree with Dr. Smith (on the forum) that the government is not a profit-driven business but cost is still an issue with balooning deficits, many competing initiatives and programs for tax dollars, and our energy independence at stake with close to a billion dollar energy bill each year just for operating the government run data centers! OMB mandates and the president's budget leave no doubt that each agency is being asked to become more efficient and lower costs.

Control (privacy, security of information assets, compliance with regulations, etc.) is also a valid concern, which, as Anthony (also on the forum) pointed out, could be addressed by so called "private" clouds. Such clouds already exist such as with the National Business Center's cloud, DISA's RACE, and NASA's Nebula.

So do I believe that there is a good fit between Government and Clouds?

Absolutely!

* Originally posted on the ebizQ Cloud Computing Forum on July 6, 2010.

HP Slashes 9000 jobs - Blame the Cloud?

Today's hot question on ebizQ's Cloud Computing forum - Are the 9000 jobs lost from HP as it shifts its data centers to cloud computing a harbinger of widespread IT job losses due to the greater automation that cloud allows?

This question has a BIG assumption built into it - that all 9000 people laid off worked in HP data centers watching consoles, loading tapes, running/scheduling batch jobs, etc.

It is simply NOT true.

For example, HP at a single stroke halved their R&D people based in Bristol, UK and slashed its five remaining laboratories in Bristol (HP Labs) to two as well as closed all of its Japanese research.

Another example: HP is cutting 5,700 jobs in Europe with some 700 to go in the UK, with the primary focus on its manufacturing plant in Scotland where products have become increasingly commoditised and the sites are under-used. Given the current economic climate and continued pressure on costs it seems reasonable that manufacturing work is going to the Czech Republic.

The above examples of jobs lost (R&D and manufacturing) have nothing to do with Cloud Computing. It's just good, old fashioned business.

* Originally posted on the ebizQ Cloud Computing forum on June 22, 2010.

Cloud 2.0? Really?

There's been some interesting conversation about Cloud 2.0 recently on ebizQ including a podcast and a follow up question about whether it was time for Cloud 2.0.

Already?

I did not even realize that we have a tangible enough Cloud 1.0!

Anyways, my response to the question about whether it was time for Cloud 2.0 is sure if you can answer yes to each of the following three questions:

1. Is there a universally agreed upon definition of Cloud 1.0? (Just think of all the debate around the "private" cloud)
2. Are questions around security and privacy of data, interoperability and portability between clouds, and auditability sufficiently answered?
3. Do we have adequate, agreed upon, and universally adopted standards for Cloud 1.0?

Answering yes to the above questions would imply that we have reached or are close to a "steady state" for Cloud 1.0, which in my opinion is a prerequisite for Cloud 2.0. Think about it: when Web 2.0 came along, could we not have answered yes to all of the above questions for what we now refer to as Web 1.0?

* Originally posted on the ebizQ Cloud Computing Forum on June 15, 2010.

My Podcast - The Coming Cloud Computing Standards: Talking Cloud with Tarak Modi

Listen to my latest podcast The Coming Cloud Computing Standards: Talking Cloud with Tarak Modi.

Feel free to send comments. I look forward to your feedback and suggestions for future podcasts

Cloud Computing - Downsides?

Peter Schooff, ebizQ editor, asked the following question on the Cloud Computing forum today:

"Certainly one of the main concerns with the cloud is security, but with this mad dash towards the cloud, what are some of the other downsides to cloud cmputing that need to be considered?"

Hmmmm... Where to begin? The top 3 for me include:

1. A fear that the vendor hype will set unreasonable expectations and ultimately cause disillusionment with a very viable business and technology platform.
   
2. The critical need for standardization to enable portability and interoperability.
   
3. Technology purists getting hung up on names and implementation details rather than achievement of benefits.
   

* Originally posted in the ebizQ Cloud Computing Forum on May 18, 2010

Fact or Fiction - A Fifth of Enterprises Will Hold No IT Assets by 2012?

It's a fact if you believe Gartner quoted in this discussion as saying that a fifth of enterprises will hold no IT assets by 2012 as Cloud Computing and Virtualization practices become commonplace.

My take is not so fast...

Let's analyze this a bit more. As a far as a fifth of all companies I could agree because almost all startups and many of the smaller size companies are “clouding” their IT assets. But that does not mean a fifth of ALL IT assets will be in the cloud. I think the fraction of all IT assets that are “clouded” will be significantly less than one fifth as most medium and large businesses as well as the Fed will be skeptical about “clouding” their IT assets for the foreseeable future. Do I hear someone say “private” cloud?

So the nutshell:

One fifth companies - Yes, it's possible.
One fifth of all IT assets - Not so fast.

* Originally posted on the ebizQ Cloud Forum on May 11, 2010

It's official.. Again.

A press release announcing my appointment as Vice President and Chief Technology Officer at CALIBRE was released yesterday (May 5, 2010).

Here's the direct link:

CALIBRE Systems, Inc. Announces Appointment of Vice President and Chief Technology Officer

My podcast - For EA in the Government, Just Follow the Money

Listen to my latest podcast For EA in the Government, Just Follow the Money.

Feel free to send comments. I look forward to your feedback and suggestions for future podcasts.

Meaningful SOA Metrics

This is essentially the sequel of the previous discussion about service reuse on the ebizQ SOA forum. If we accept the premise that service reuse is not an optimal metric then what is?

Well, SOA is often touted as the "silver bullet" that will increase resusability, enhance maintainability, reduce rework, and so on. In that spirit, I think a metric of prime importance should be the Total Cost of Ownership (TCO) per Unit of Software Complexity (or Size) such as Function Points, Use Case Points, SLOC, etc. Assuming that you are already well down the path of SOA, a necessary first step would be to establish a historical baseline (pre-SOA) to compare against. The hope is to see current (SOA-based) measurements below the baseline with a continuous downward sloping trend.

* Originally posted on the ebizQ SOA forum on April 22, 2010.

Stevie "Wonders" about Cloud Computing

I never thought I'd meet music legend Stevie Wonder. So imagine my surprise when he came to G&B yesterday and sat in the office right next to me almost all day! I finally gathered enough courage to take the few steps to introduce myself to him.

Amazingly, within the first few minutes our conversation led to Cloud Computing. He had heard about it but did not know what it really meant. I explained it to him comparing the evolution to the rise of electic utility companies. He got it and I know because he started finishing my sentences! We talked for quite a while about other things too: religion, politics, terrorism, and my (East) Indian heritage. He even sang a line from one of his songs!

A truly amazing experience indeed... After all, how many technologists can claim that they explained Cloud Computing to Stevie Wonder!

Service Reuse... What are reasonable expectations?

Today's ebizQ discussion on the SOA forum is around service reuse. To me, this is deja vu all over again. I remember this same discussion about libraries, procedures, objects, and components. Now it's about services.

In my opinion, service reuse is the wrong metric to be tracking with SOA. In addition to be being very subjective, it's a very tactical metric akin to saying that an "enterprise is secure because our firewall has no known vulnerabilities." While an amusing statistic, service reuse is not why an SOA should be implemented, nor is it the proper way to justify it. Then what makes the business case for SOA? That would be a tangible, demonstrable alignment to organizational and business objectives.

* Originally posted on the ebizQ SOA forum on April 15, 2010.

Is Web 3.0 a Convergence of Cloud and Web?

We've been having some interesting conversations on ebizQ recently. Today's topic was based on a recent article on ebizQ that pondered whether Web 3.0 was really just a convergence of the Web and the Cloud.

According to Tim Berners-Lee (paraphrased of course) Web 3.0 is an overlay of what he has been calling the "Semantic Web" on top of the existing Web 2.0. Nova Spivack defines Web 3.0 as a connective intelligence; connecting data, concepts, applications and ultimately people with the Semantic Web being a part of it but not the end all. Almost every other definition of Web 3.0 also makes some reference to a core component of "intelligence" as well.

The question about whether the convergence of Cloud and Web is Web 3.0 is interesting. After some thought, however, I believe that while Clouds will be an essential foundation to support 3.0, they are not the critical component of 3.0. Their role will be similar to others such as BI, SOA, AI, etc. but just as Web 2.0 is not Web + SOA, Web 3.0 will not be Web + Clouds. In fact, one could argue that clouds have always been around. After all, haven't we all depicted the Web as a "Cloud" at one time or another?

* Originally posted on the ebizQ Cloud Computing Forum on April 13, 2010.

Is SOA the Foundation of a Private Cloud?

An interesting question posed by ebizQ's Joe McKendrick today on the SOA forum. His premise is that the purpose of SOA is to enable delivery and reuse of services across the enterprise, which are made available to end-user departments via a directory or registry/repository meshes with the concept of private cloud. Therefore, if you are building an SOA-based infrastructure, are you not also building a private cloud?

I think the question has been artificially constricted in that it should not be limited to the "private" cloud but ALL clouds in general.

In terms of the relationship between SOA and Clouds, I see them as complementary, convergent, and as essential constituents of a larger ecosystem. This is exactly what I talked about in my article titled The Cloud SOA Ecosystem on ebizQ back in October of 2009.

A few excerpts follow:

"The convergence of the cloud and SOA was bound to happen. Several independent events have led up to this perfect union. First, the emergence of the cloud as a viable business and innovation platform that is evident from the sheer number of vendors proclaiming "cloud" products and services and the wide scale adoption of the cloud by many Fortune 500 companies and even the U.S. Federal government. Second, the economic downturn has brought cost cutting initiatives, frugality, and operational efficiency back in fashion. Third, SOA, although undoubtedly a superior architectural style, has struggled to remain mainstream in the eyes of the business beyond the notion of "improving reusability" -- so much so that many technology pundits were even questioning whether SOA was dead!...

...As if the above events were not enough to bring them together, SOA and the cloud have a shared objective: improving the alignment of IT and business with the goal of justifying current and future IT investments, improving IT responsiveness to business change, and increasing operational efficiency. Both the cloud and SOA move the IT function beyond managing applications and infrastructure into a partnership with the business to provide agile solutions to solve dynamic business problems.

The convergence of the cloud and SOA goes beyond just simple alignment of common needs or shared objectives. It is a true symbiotic relationship where SOA fulfills the basic need of the cloud of an application architecture that aligns with and can support its own virtualized, multi-tenant, elastic being.”

Now, how about adding BPM to the mix?

* Originally posted on the ebizQ SOA forum on April 8, 2010

Should a Private Cloud Still Be Considered a Cloud?

This deceivingly innocuous question sparked another lively debate (and some name calling) on the ebizQ Cloud Forum today. So, is a private cloud still a cloud?

Absolutely.

Let's not get hung up on names. The end game is to realize the benefits of the cloud business model. Yes, some options might be better at realizing a subset of benefits (such as cost reduction) than others but not all options are suitable for all business requirements. Regulations, privacy standards, and security requirements might preclude the "public" option is some cases. Should those entities fore go the cloud benefits because of a "naming issue"? Instead of names, let's focus on the real issues of a cloud - security, portability, interoperability, privacy, and trust.

* Originally posted on the ebizQ Cloud Forum on April 6, 2010.

Listen to my Podcast on Government Clouds and SOA

My first Podcast ever... You can listen to it at the following link:

Government Cloud Is Where the Action Is: Talking With Tarak Modi

Feel free to send comments. I look forward to your feedback and suggestions for future podcasts.

Is Multitenancy a Prerequisite for Cloud Computing?

There is interesting and ongoing debate among cloud gurus over whether multitenancy is a prerequisite for cloud computing. Well, the debate has now made its way on the Cloud Computing forum on ebizQ. And I just had to respond with my 2 cents...

I think the answer varies by perspective. For example,

1. The cloud provider would want to maximize multi-tenancy to realize economies of scale and maximize revenue from a fixed set of assets (hardware, software, infrastructure, etc.)


2. The cautious consumer would like to minimize multi-tenancy with the most obvious reasons being security, privacy, and performance.


3. Vendors who make money from selling on premise software and hardware would like to minimize multi-tenancy to preserve their revenue streams.

Hmmmmm... I think my answer boils down to "It depends."

* Originally posted on the ebizQ Cloud Computing forum on March 9, 2010.

The Future of Desktops

Another interesting discussion on ebizQ today about a recent statement by Google's European director of online sales, John Herlihy, who said that in three years time the desktop will be irrelevant.

Ok, it sounds good and is memorable. But just how true is this statement?

I basically agreed with Nari Kannan's point of view.

Mainframes were supposed to be obsolete a long time ago. But in fact, according to Gartner, the mainframe has gained 16 percent of market share in the high-end server category since 2001. IBM seems to believe this since it unveiled the z9 in the 2005, following a three-year, $1.2 billion development project and the z10 in 2008, which it spent $1.5 billion and five years developing.

Last year we heard the proclamation that "SOA is dead." The fact is, however, that with the Cloud Computing boom, SOA is picking up even more steam as applications either migrate or get built for the cloud.

Sometimes I wonder if declaring a technology dead has the reverse effect on it. In that case, if Google really wants desktops gone, declaring them irrelevant may not be the best strategy after all. :)

* Originally posted in the ebizQ Friday Forum on March 5, 2010

Is SOA focussing on the wrong layer in the Enterprise?

The question that came up on the ebizQ SOA forum today is "Are Current SOA Efforts Too Focused on Applications, Versus Data Integration Requirements?"

ebizQ's Joe McKendrick further explains his question - "An SOA Data Integration Architecture Community has just been launched. Are current SOA efforts too focused on applications, versus data integration requirements? If so, how can these two disciplines be brought together?"

A very interesting and thought provoking question indeed.

I would contend that applications are the gateway to data and a defense-in-depth mechanism/control to enforce business and security related rules to ensure the appropriate use and manipulation of data. If one accepts that premise then it implies that application integration is data integration and therefore, SOA is focussed at the proper layer (i.e. applications) in the enterprise architecture.

That does not mean direct data integration never occurs. Data Warehouses are an example of where this does happen since these are created by integrating, combining, and denormalzing data from many different sources.

* Originally posted on the ebizQ SOA Forum on March 4, 2010

Hot of the Press: Part 2 of the Cloud Computing Journey

Here it is.... Enjoy! :)

Hot off the Press: The Cloud Computing Journey (Part 1 of 2)

As IT departments across the globe embark on their cloud computing journey, they inevitably discover that cloud computing is the ultimate "paradox of ease." Things that should be difficult are handled by the cloud with suave finesse. On the other hand, things that might be dismissed as trivial turn into nightmares. But a cloud computing journey no longer has be an unpredictable series of events given the wealth of knowledge we can gain from the lessons learned by the early pioneers who are well into their respective cloud computing journeys.

Four key lessons that I will walk you through over the two-part series include:

1. Plan, plan, and execute: getting your data center in order


2. Understand the converging service models and their manifestations


3. Governance is crucial: not as an afterthought but from the get go


4. Workload migration: starting with the low hanging fruit

Click here to read the first part of the two-part series on "The Cloud Computing Journey - Learning from the Early Pioneers".

CISA Results are in... and I PASSED

After waiting for 47 gruelling days, I finally received the results for the CISA exam I took on December 12, 2009.

All that matters now is that I PASSED! :)

I'm thinking about preparing for and taking the CISM test next. Why do I keep doing this to myself?

Google V. China - My Thoughts.

Last week was indeed a week of shocking news stories including the breaking news about contention between one of the worlds leading corporations (Google) and one of the worlds strongest economies (China). And as I've followed the unfolding events, I have pondered several things:

1. Google has all but pointed their finger at the Chinese Government being behind the attacks. This leads me to believe that the attacks and the potential damages might be significantly higher than what is being told to us currently.



2. Google has taken a strong moral position on the freedom of information on the Internet by stating that they will not censor search results on Google.cn. This might mean that if the Chinese govenernment does not relent Google might close its doors in China for good. We can be sure that other companies - not just Internet/Web ones - are watching this very closely and what they do will definitely depend on what happens between Google and China.



3. Google is a distant second to Baidu in China with no foreseeable chance of ever becoming #1 unless something drastically changes Is Google using the recent cyber attacks as a lever to gain a competitive advantage in China with uncensored searches? After all, Google has a much better chance of gaining substantial market share from Baidu in an uncensored, open market. Taking the moral high ground is good for Google's image as well.



4. Today there are at least 18 cybersecurity bills before Congress with none having a clear majority. Most cyber security experts agree that nations such as China and Russia threaten the security of American government and private-sector key IT systems. Consider that the Pentagon has spent more than $100 million in only 6 months responding to and repairing damage from cyber attacks. Hopefully, the congress will finally get its act together in this critical matter and pass a cyber security bill with some real teeth to protect our national interests - public and private.
   

I'm sure, we've only seen the beginning of what is surely to be a memorable event in the history of IT.

* Originally posted in the ebizQ Friday Tech Forum on January 15, 2010.