Tech tug of wars might become a thing of the past. What will we do with more choice? Image via Pixabay

Tech Tug of War: Can we all win?

Cohesive Networks
7 min read, Nov 7, 2016

This is part 2 in a 3-part series by Patrick Kerpan, CEO and co-founder at Cohesive Networks

Check out part 1: The Next big cloud technology movement isn’t a winner takes all battle

Enterprise customers are making a conscious choice between going all-in on a specific cloud provider’s IaaS and PaaS platform services and doing more of the infrastructure work themselves “over-the-top” to retain more direct control of their infrastructure. Many enterprises are building customized IT infrastructure with containers, IaaS and data center resources.

There will be two paths in the future of IT: the “all-in” route and the “over the top” route.
The choice between provider ecosystem services and do-it-yourself building blocks is deliberate, with some serious implications:
- “All-In” can have serious barriers to future migrations.
- “Over-the-Top” requires users to manage greater complexity.

Status Quo doesn’t last

There is a theory out there — a theory I strongly disagree with — that all the companies that will ever use cloud have already started moving to the cloud and everyone else will keep building data centers. I believe this is not the trend at all.

Instead, people are using the cloud for more and more things. Some move production workloads to the cloud and get better economies of scale and savings. These people still need a lot of control and insight into what is going on with their servers, applications, and networks. They are using cloud primarily for the underlying infrastructure.

Another, growing, camp is using the cloud as a “design center” to test and explore. In order to really benefit from the cloud platform, they go “all-in” with services like Amazon’s Lambda, SQS, Kinesis, Mobile Hub, and other linked services offered by cloud providers. They are capitalizing on the flexibility and speed of the public cloud.

Cloud Tug of War

Currently, Amazon is the dominant public cloud provider. But lately Microsoft Azure has really come into its own. Through the new Azure portal, they’ve piled on a lot of platform offerings now too. So, comparing AWS’s and Azure’s infrastructure (IaaS) offerings or platform (PaaS) offerings, can only one of them win? What if it’s both?

People have very short memories. It was just a couple years ago when pundits were ready to throw down and say that no one would ever do transactions over the internet. E-commerce was never going to work, they said. No one would put their credit card on the internet, they said. No one would buy anything outside of a store, they said. No bank will ever use the public cloud, they say. And yet…

Re-examining the stack in the cloud

In a data center, the customer obviously owns and maintains 100% of the infrastructure, networks, walls, security, and content. For the sake of simplicity, this virtualized data center stack consists of: hardware (x86 virtualized servers), virtual infrastructure (hypervisors), and virtual machines (VMs, made of operating systems and apps). It might look something like this:

Now, once an organization starts using cloud services, whether infrastructure as a service (IaaS), platform as a service (PaaS), and/or software as a service (SaaS), a line emerges between what the organization can and cannot directly own, control, and view. We call it “the limit of access, control and visibility.” Amazon has a similar line in their Shared Responsibility Model, where they define how AWS is responsible for security of the cloud, while customers are responsible for security in the cloud:

Image via: Amazon Web Services. See more on the Shared Responsibility Model

So when an organization uses a cloud provider’s platform services to go All-in, they worry less about the underlying components like compute, networking, ensuring uptime, applying server patches, and all the management headaches of owning infrastructure. That line of access, control and visibility creeps up the stack, and looks like:

And finally, SaaS services, like cloud-based accounting software or a website editing portal, are all app and no infrastructure worry. Typically users simply log in to a web UI and edit the application without a thought to what type of servers run the SaaS or what country its data centers are in.

What does it look like?

All-in for speed and agility
All-in users are typically startups or run projects that need rapid dev/test abilities. They need to focus on the code, not the core.

Organizations like Evernote, Major League Baseball, London Heathrow, Philips and more use “all-in” technologies to quickly get access to hardware without hardware worries or slowdowns. Providers offer the latest hardware and keep up to date on compliance, security updates, and hardware refresh. These organizations use all-in to catapult their new projects beyond their status quo.

Use case: Major League Baseball in Amazon AWS Lambda
Major League Baseball’s Advanced Media (MLBAM) team wanted to build a new interactive, data-rich tool to enhance MLB games with more information. The team needed to connect every ballpark location in the league, but had to account for days with up to 15 games as well as the off-season lull. Rather than build data centers in each stadium, they use Amazon AWS.

MLBAM uses services like EC2, S3, DynamoDB, and Lambda. These services connect, compute, store and retrieve MLB game data. AWS Lambda, a compute service that runs code in response to events, is one of the hot new All-in services that promises compute power without administration. Lambda automatically runs, scales, and meters the compute power needed. Check out their full use case on the AWS website.

Over the Top customized control
Over the Top is great for organizations that want all the benefits of IaaS plus some control beyond the basics. Over the Top allows organizations to deploy virtual infrastructure, custom application infrastructure, platform services, and applications on top of IaaS services and applications.

Organizations can get that over the top control while building on the cloud infrastructure. Docker, Ruby on Rails, RabbitMQ, Nginx, and Cohesive Networks allow customers to build over the top of other infrastructures. Startups and heavy-hitter cloud customers already run their own virtual infrastructure and services “over the top” of clouds today.

Use Case: Washington Post Runs Docker in AWS
The Washington Post needed to innovate and rapidly iterate existing applications written in multiple languages including Java, Node, Python, and Go. The WaPo uses Docker Engine and Docker Compose to deliver a continuous deployment system connected to their AWS-based environment. They build on their existing apps and AWS infrastructure while leapfrogging compatibility issues when building out their new Arc Publishing solution. Check out the full WaPo use case on the Docker website.

Bonus Use Case: ERP Provider Connects On-Prem, Cloud and Customers
A global ERP and CRM company provided software services directly to enterprise customers’ data centers. The company had existing data centers, but also wanted to offer a secure SaaS solution. Using Amazon AWS, the company built out a global, distributed infrastructure. Building on top of the cloud IaaS, the company chose VNS3 to go beyond the AWS Virtual Private Gateway and traditional Cisco Firewall devices to connect multiple customers into segmented, secure groups of resources within AWS. Their architecture looks something like this:

Image by Cohesive Networks 2016

Part Three: What does the future look like if we can choose the best of All-In and Over the Top?

About the Author
Patrick Kerpan is CEO & CTO at Cohesive Networks. Previously, he was CTO at Borland, founded Bedouin, and was managing director for derivatives technology at banks.
