23 December Mirantis Brings an Open Source Cloud to Enterprise IT Specialists December 23, 2013 By Josh Cohn Cloud, Enterprise, Startups Cloud, startups, Mirantis 1 Comment 8949 Views As most IT specialists are only well aware, the enterprise IT world is changing at a pace that is almost unprecedented. From security, to mobile to BYOD, IT managers are facing a plethora of new challenges that were not even on the roadmaps of many CIO's even five years ago. Of all the changes occurring in the enterprise, a very good case could be made that the rapid and widespread adoption of Cloud computing is the biggest change of all. In that regard, we are pleased to introduce Mirantis, which is a leading developer of Cloud solutions based on the open source platform OpenStack. Joining us today is Mirantis' VP of Marketing David Fishman. IT Specialist: David, welcome. To start with, can you provide some brief background on Mirantis such as what year you were started, who are Mirantis' founders and what was the inspiration for starting Mirantis? David: Mirantis got its start more than a decade ago operating offshore product design centers for algorithmically intensive software development. About 3 years ago, one of the co-founders, Boris Renski, spotted the emerging trend towards cloud, and foresaw an opportunity to match the company’s deep software engineering expertise with the just-then-introduced OpenStack open-source cloud operating system. Open source infrastructure software provided a particularly strong application for the company’s resident deep engineering skills. Renski persuaded the co-founders, now-chairman Alex Freedland and CEO Adrian Ionel, to roll the dice. We joined the nascent OpenStack foundation, and got started building OpenStack clouds right from the very first release. IT Specialist: As I understand, Mirantis is the largest Cloud computing company based on OpenStack. Could you explain in more detail what OpenStack is, how it developed, and why would an enterprise IT Professional or other customer want to choose an OpenStack Cloud over a non-Openstack Cloud - for example specifically compared to Amazon Web Services? David: We’re the largest dedicated, independent supplier of OpenStack technology and solutions, with over 50 customers in production. We’ve built OpenStack clouds for companies as diverse as Cisco Webex, Paypal, Huawei, Dell, AT&T, HP, Intel, NASA, Comcast, Cloudera, Ericsson, Sprint and many more. OpenStack was pioneered by RackSpace and NASA, when they set out to build a uniform set of service-based interfaces that would manage and control key compute resources in the cloud – namely: processing, storage, networking and authentication, with integrated management. Amazon Web Services set out to do the same thing, with one really big catch. As a single company in control of implementation, they’ve pioneered great work at scale that’s legitimized the cloud model and empowered developers as equal partners in infrastructure and distributed apps. They also succeeded in quickening some of the pulse at Vmware, arguably the other essential predecessor to OpenStack. IT Specialist: What is so important in your view about open source technology in general, and OpenStack in particular? David: Focusing on OpenStack, the most compelling difference with either of these predecessors is that OpenStack set out to do it in open source. The reason I say so is this: code transparency in the increasingly complex compute world isn’t a convenience, it’s a must-have. There’s just no other practical way to bring the myriad use cases required by the endless variety application workloads, nor is there any more practical way to get technology innovators – commercial, government, and academic – to collaborate on robust, peer-reviewed, meritocracy-driven code. What’s more, if you have a use case no one has thought of yet, you can take the code and bend it to your will. You don’t have to wait for some vendor to account for your needs someday in their roadmap. When you combine the code transparency with a uniform set of interfaces for allocating and controlling resources in the cloud, you get a very powerful, versatile, and very extensible platform. Spinning up virtual machines, allocating storage, deploying images, controlling network and security access, all come from a single set of common, well-publicized interfaces. Compatibility is policed by market players with an interest in making the technology interoperate. Unlike the standards of the past, those standards are not passive engineering exercises: they are working code that needs to march through a pretty rigorous set of regressions for every change, dozens of changes per day. (Of course, even the regression test gating framework, called Zuul, is also open source). IT Specialist: Before the Cloud and OpenStack came along, how would enterprise IT specialists bring additional computing power and storage into their networks, and was it possible to even manage this remotely, or was that just a characteristic that came with the Cloud? How did the Cloud - and OpenStack - change the existing paradigm? David: Before OpenStack (and Amazon, to be clear), spinning up machines and storage, networking and managing them remotely required a menagerie of specific, often incompatible interfaces from different companies. It led to tremendous waste, both in the amount of cycles required to manage the menagerie, as well as poor utilization. Vmware made a huge contribution, by enabling consolidation to improve utilization – more OS's, fewer machines. But the most painful inefficiency was that change was slow and painful, and IT organizations built up huge backlogs of dated applications. Vmware’s consolidation efficiencies did little to address that. By the time developers and system administrators could agree on how to tune a box and its app, everyone was exhausted, and the last thing anyone wanted to do was change it. Who wants to re-install Oracle and build out its data storage any more often than is absolutely necessary? The Infrastructure-as-a-Service (IaaS) model pioneered by Amazon, and open-sourced by OpenStack, changed all that. It enabled developers to control distributed infrastructure resources directly. Developers rapidly grasped the benefits of truly distributed applications, and built out tremendous innovations, at companies such as PayPal, Webex, Netflix, SalesForce and more. These scale-out applications change rapidly, and treat infrastructure as a fluid resource. Contrast this with the classic approach, where each server is a special, custom-crafted creature, like a pet. It becomes the application’s whole world, and admins give the server a name, stay up late nights when it becomes sick, trick it out with accessories. In the cloud, apps treat your servers like cattle: give ‘em numbers, and if they get sick, shoot ‘em and eat ‘em. One of the Directors of the OpenStack Foundation, Randy Bias, describes this as the 'pets-vs.cattle' analogy. However, running on Amazon means you get none of the benefits of optimizing your infrastructure to your business needs – which means utilization, compliance, and not least, competitive advantage. The API set for EC2, and all the permutations of the EC2 platform, are controlled by Amazon. Need something that’s not on their road map? Too bad. Got internal systems – such as ACLs/directory, etc. – that you need to integrate with new distributed apps running in the cloud? Only if Amazon thought of that first. Need to tune your application down to the metal iteratively, with no clear way forward other than test and reconfigure? Not so much. In a nutshell, working with Amazon is like paying rent on an apartment. Sure, it’s a convenient way to start, and you can call someone else to fix the faucet – unless you can and need to fix it yourself. You give up control. With OpenStack, you get full ownership and transparency from top to bottom, and you can change your cloud to your competitive advantage. IT Specialist: When it comes to Open Source technologies, there is sometimes a tendency for vendors to find a way to layer their own proprietary technology into the solution - which of course can defeat purpose of an Open Source solution at all. May I ask if Mirantis brings any of your own proprietary technology into the picture? David: That’s a great question. We work very hard to keep our technology and solutions vendor agnostic, because the flexibility you get with open source is exactly what customers come looking for. For example, our provisioning automation framework product called Fuel for OpenStack, which forms the foundation of our technology services and solutions, is available as open source, and is fully transparent to help avoid lock-in. I should say that vendor agnostic is not the same as distro-agnostic or release-agnostic. While we support all major Linux vendors, it makes no sense to take any arbitrary open source components and ignore release stability or compatibility, particularly with respect to integration. So we carefully vet the distros and releases we support to ensure robust compatibility, without playing favorites or introducing lock-in. IT Specialist: Let's turn our attention to the OpenStack Foundation itself. When was the Foundation formed, and what role does Mirantis play in the Foundation? Would you be able to highlight who are some of the major vendors who are part of the OpenStack Foundation - I believe IBM recently came out in favor of OpenStack? David: The OpenStack foundation was incubated by Rackspace, and formed with the introduction of the code from the original joint project with NASA. Mirantis joined the foundation right at the outset during incubation, as one of the original supporting companies. The code was contributed to the OpenStack foundation, which incubated it and opened for business in the fall of 2012, with the support of a couple-hundred member companies. There’s a 3-part governance structure: The Technical committee is comprised of 13 peer-elected leads who set the direction of the software development and code. The foundation Board of Directors of is made up of 24 members, including the 8 platinum sponsor companies, 8 of the 13 gold sponsor companies, and 8 individual members elected from at large among the users. The third leg of governance is the User Committee, which is made up of nearly 6,000 users worldwide. Mirantis is a Gold Sponsor and an elected member of the Board of Directors. What’s noteworthy about the 200 companies who are members of the foundation is that they represent a pretty complete cross-section of everyone who has a stake in the future of cloud computing. IBM, whom you mentioned, is a Platinum Sponsor; as are the top 3 Linux distributors, Red Hat, Canonical, SUSE; plus Nebula, Rackspace, HP, and AT&T. Add corporate sponsorships from Cisco, Dell, Ericsson, Vmware, Juniper, Yahoo, adding up to about 200 supporting organizations -- a pretty impressive collection of logos. The logo collection isn’t what makes OpenStack work; rather, it’s the release and contribution model. OpenStack is not a single project like Linux; it’s a set of projects under a common framework. What’s more, the projects release together on a single, integrated timeline, every 6 months, avoiding a lot of the churn you seen in other open source communities. There’s a design summit every six months to hammer out the roadmap for the next release. The most recent complete release is called “Grizzly”; in the fall, we’ll see the “Havana” release come out. The best way to gauge the health of the project is to look at who’s contributing and the activity level. Mirantis recently released a dashboard, called stackalytics.com, which shows who’s contributed what to which OpenStack project over a given timeline, both by individuals and companies. IT Specialist: OpenStack is not the only open source Cloud technology. Cloudstack and I believe Eucalyptus are the two main open source competitors to OpenStack. Could you compare OpenStack to Cloudstack and Eucalyptus, and what makes OpenStack stand out among these three? Do you think that the industry will eventually coalesce around one de-facto open source Cloud standard? David: It looks increasingly like the industry has coalesced around OpenStack. There’s a fair amount of discussion on this topic right now, because the metrics are immature (one company got credit for 200,000 lines of code when they search/replaced the name of a module). But there are some very, very strong indicators that OpenStack is running away with the leadership. CloudStack has strong single-organization sponsorship behind it via Citrix, and was an early leader. The level of developer investment activity compared to OpenStack, as measured by commits and lines of code, has slipped over the last 12 months. Contributing CloudStack to The Apache Software Foundation helped breathe some life into the project. Eucalyptus got a fair amount of attention early on, but they’ve lost momentum. Over the last 12 months, according to Ohloh, they have 55 named developers contributing to the project, vs. 979 in OpenStack. One of the most interesting assessments of comparative cloud project health and activity is compiled by an employee of Eucalyptus, named Qy John, out of China. His graphs also show the scales have tipped to OpenStack. From an informal commercial sense, I can tell you that we almost never hear about Eucalyptus as a competing alternative in business opportunities, and about CloudStack, only occasionally. IT Specialist: Mirantis has three main types of customers as I understand. These are IaaS service providers; SaaS vendors; and enterprises. Can you highlight what type of services Mirantis provides to each of these three segments of the market? Also, I believe you just recently released a product called "Fuel" - can you provide an overview of what this is? David: With service providers – who basically run the range from telcos to hosting companies – the primary driver for OpenStack is building differentiated public cloud services. Our engagements there are about helping to build out unique IaaS cloud offerings, as well as integrating with existing OSS and BSS types of systems that the service providers have in practices. Essentially, these companies want to compete with Amazon, and they’re looking to Mirantis and OpenStack to help them do it. AT&T is probably the best example. The SaaS companies we talk to are really interesting, because they often started their cloud offerings before anyone knew what IaaS really was. They built out a variety of home-grown cloud infrastructure, but it got fragmented because most SaaS organizations were created by building distributed infrastructures driven by application developers. While that’s a good goal in theory, in practice what happened is that developers of different application modules picked their own virtualization infrastructures. So companies like Cisco Webex and PayPal turned to OpenStack (and Mirantis) to rationalize their infrastructures around a common standard. We underwrote a report by GigaOM to examine how they’ve benefited by this kind of streamlining. In the enterprise, what we’ve seen is companies who see the benefits of rapid change facilitated by the SaaS model waking up to realize that the other players in their market are moving faster, and they need a way to do so. So they take a page from the SaaS players, and look to OpenStack to cut the costs and increase the speed with which they can introduce changes to their applications. Fuel is open-source software we put together to automate the process of standing up an OpenStack cloud. As you might imagine, the networks, storage, servers, security and organization of OpenStack cloud components require a lot of carefully coordinated configuration between them. Since we’ve built dozens of production OpenStack clouds, we captured that experience in Fuel to make available as a product. Fuel’s goal is simple: to make it faster, easier, and less costly to set up an OpenStack cloud. We provide both CLI-based and GUI-based options, which guide you through the steps you need to get your cloud configured correctly. Unlike some of the other installer utilities, Fuel also builds in a library of proven deployment configurations – for example, configuring the underlying services for high-availability, which is not native to OpenStack by default. IT Specialist: Looking more specifically at the enterprise, can you provide an overview of how enterprise IT specialists - who comprise a large part of our audience - can benefit from using your solution? Do you tend to focus on building private Clouds for enterprise customers? David: Our business is still evenly mixed between the 3 classes of customers I just talked about, but the largest incidence of new inquiries is coming from enterprise organizations, and increasingly, we’re seeing the shift to OpenStack private cloud accelerate. For an enterprise IT Pro, the first question to ask is, what has my infrastructure done lately to speed up the introduction of new applications and features to make my company more competitive? The curse of IT, as has been well documented elsewhere, is that 2/3 of the budget goes to maintaining old systems and applications. That’s a disaster in any technology-driven business – and increasingly, that’s just about any business where information matters. I think a lot of enterprise IT folks are risk-averse, having been burned in the past by shifts in business priorities. But this would be fighting the last war, never a recipe for success. I’ve written about this in WIRED, for example. The good news for IT Pros is that if they can handle Linux, they can handle OpenStack. We recommend that you take a run at it with DevStack, a lightweight sandbox implementation made up of documented shell scripts to build complete OpenStack development environments. A more complete way to give it a run is using Fuel. I’d say the most important step for any IT pro is take a good hard look at whether developers in their organization are running on Amazon EC2. The old school response would be to try to shut them down, which I think is a big mistake. Rather, it’s a matter of understanding how to enable developers to create and control their infrastructure in a way that’s both agile and reliable. OpenStack is set up to do both. The beauty of open source and OpenStack is that you can try it now. I’ve talked to literally dozens of customers who call us after standing it up on one or 5 servers at home, who then “get it” and want some guidance on how to get started. IT Specialist: How has your traction been in the in the market to date, and are there any examples of partners or customers that you could share with us? David: So far, so good. We’ve seen a tremendous surge of interest in OpenStack, across sectors. A couple of examples of our customers: Cisco Webex turned to us to consolidate their fragmented infrastructure onto OpenStack. They talked about it at the Fall 2012 OpenStack design summit; you can see that video here, and listen to a webcast we put together featuring Webex and GigaOm here. PayPal is also a big customer: they’re aggressively retooling their cloud to accelerate the rate of change in their apps. They needed agility without sacrificing availability. That balance between endless uptime and rapid time to introduction of new features is essential for any company that needs competitive advantage. One of the things that PayPal did to compress the time to deploy new features from months to hours is to carefully study how many tickets a developer had to file to get his/her new feature into production. The result is that they got the time down to minutes-to-hours. IT Specialist: How much capital has Mirantis raised to date, and who are your core group of investors? I believe you just recently closed a $10 million round? David: In 2013, after over ten years of cash-flow-positive operations, we took on $20M in investment from Intel, Red Hat, West Summit Ventures, Dell, Ericsson and SAP Ventures to accelerate growth. IT Specialist: Finally, for customers who may be interested in working with Mirantis and/or want to do a trial within their organization, what is the best way to interface with you? David: First, get smart about OpenStack. You’ll ask us better questions and we’ll be better able to help you. The first thing you really must do is check out the OpenStack site at openstack.org. Pick a project that’s of interest to you, and drill down. Or watch the videos from the recent OpenStack summit. Then, go to www.mirantis.com and read up on Mirantis and OpenStack. Check out our blog, which is generally more technical than not, including some good tutorials. And download Fuel, including the VirtualBox kit, to get started and see what it takes to get going. If you’re ready to get serious, sign up for one of our training courses, or drop us a line via the website. Showing 1 Comment [Trackback] Trackback from Domain: itspecialist.comHow is Open Source Cloud Standard Performing in the Market vs. AWS and Others?http://www.itspecialist.com/Blogs/TabId/207/PostId/37/how-is-open-source-cloud-standard-performing-in-the-market-vs-aws-and-others.aspx last year Comments are closed. Related CipherCloud CMO on Cloud Cybersecurity: If Your Data is Unencrypted It's Vulnerable To Hacking As even casual observers of the IT industry are aware, cloud computing is dramatically changing the industry. In organizations large and small, IT specialists are wrestling with how and when to move their enterprise's data to the cloud as well as what will happen to it once it's there. One issue that is becoming an increasing concern for IT specialists everywhere is the security of their company's data once it is in the cloud. While there is no question there can be substantial cost savings associated with the cloud, hackers have also seen the cloud as a potential trove of sensitive information including financial and other corporate documents, health records, personal addresses and more. Not surprisingly, from data mining to fishing and other techniques, hackers have been aggressively targeting cloud providers and their customers. Finally, let's not forget that the ongoing revelations of the NSA's PRISM and other spying programs have driven home to organizations who use the cloud that they cannot necessarily be sure what country their data is stored in, and the rules and regulations regarding data protection vary widely across jurisdictions. In that context, for cloud computing to continue it's growth path, users will increasingly want to marry cloud computing with cybersecurity. One company that is on the leading edge of cloud security is CipherCloud. In that context, I am joined today by Paige Leidig, CipherCloud's SVP and Chief Marketing Officer, who will discuss the issues and challenges involved with cloud security, and how CipherCloud addresses there. IT Specialist: Thank you for joining us today Paige. To start with, can you provide some brief background on CipherCloud such as what year you were started, who are your founders and what was the inspiration for starting CipherCloud? Paige: CipherCloud was founded in late 2010 by Pravin Kothari, a former co-founder of ArcSight, a security company which HP acquired for $1.6 billion earlier in 2010. A serial entrepreneur and technologist, Pravin had the foresight to sense an opportunity in protecting sensitive enterprise information in the cloud and across multiple clouds. He also understood that since cloud data can reside in any country, it can be subject to local law enforcement that can seize that data. He founded CipherCloud to eliminate these critical issues and make it possible for organizations to enable their secure move to the cloud. Organizations have a desire to use more cloud applications and also have control over their sensitive information, but they are concerned that encryption breaks the application command, such as search and sort. Their cloud encryption gateway is designed in a way to enable organizations to protect their data in the cloud without sacrificing application functionality, user experience, or performance, and without making any changes to the cloud application. IT Specialist: Could you explain at a high level what are the major issues involved in Cloud security - I would venture to say that cybersecurity is one, and that related to this would be all of the regulatory aspects in the Cloud, is that correct? Paige: At a high level, the cloud creates information protection challenges that fall into 4 camps: security, privacy, residency and compliance. First, information and infrastructure have to be protected from malware, theft and increasingly from surveillance. Second, is Personally Identifiable Information (PII) has to be protected to meet privacy requirements established by U.S. state privacy laws. Third, are data residency guidelines that stipulate that data cannot leave the boundaries of a country. Fourth, in the case of heavily regulated industries (financials, insurance, healthcare, etc.) is the requirement to comply with industry and government regulations - GLBA for banks, PCI DSS for payment card merchants, HIPAA/HITECH for healthcare etc. IT Specialist: How prevalent are Cloud security breaches, and more specifically, from a technical perspective what are the main types of possible breaches that enterprise IT specialists should be concerned about? Paige: With more data moving to the cloud, cloud breaches - including the largest publicly announced - are inevitably increasing as the bad guys historically follow the money. But in addition to cyber thieves looking for personal data and IP to steal and sell, the NSA PRISM revelations highlight that surreptitious cloud surveillance is another risk to their data being disclosed without them knowing about it. IT Specialist: How or why do these breaches occur? Paige: Aside from accidental leaks, breaches happen when an unauthorized entity breaks into a server - either hacker or internal employee usually for the end goal of stealing valuable information to sell on the black markets or to use for competitive advantages. If the data is unencrypted, then it's vulnerable. IT Specialist: This may sound a bit simplistic, from an enterprise IT manager's perspective, can't they simply count on their Cloud provider to protect their data security? If the answer is no, then why is relying on their Cloud provider not enough? Paige: Some cloud providers offer encryption of data at rest while in their servers, but many do not. However, even if data is encrypted by the cloud provider, they typically decrypt data during any type of data processing as they hold the keys. This leaves the data vulnerable to rogue insiders, mismanagement or forced legal disclosure, and many legal experts agree that this is not adequate for regulatory compliance. By comparison, with CipherCloud's solution, the encryption keys never leave the organization, assuring compliance and protection of the data. IT Specialist: Your web site highlights a number of protection controls CipherCloud delivers, including encryption, tokenization, activity monitoring, data loss prevention (DLP) and malware detection. Can you briefly speak to each of these? The concept of tokenization is particularly interesting, where your data appears to reside in the Cloud, but it's actually still behind the firewall - what does this actually mean in practice and how does tokenization actually operate? Paige: We provide a platform of cloud-based security and compliance software: AES-256 bit encryption - Operations-preserving encryption that protects sensitive information before it is sent to the cloud Tokenization - Actual data resides locally in a token cache / database, and what is sent out to the cloud are tokens that are structurally similar to the actual data, but have no mathematical correlation. Cloud Data Loss Prevention (DLP) - Custom DLP policies that scan, detect, and take action to protect sensitive information in any field or document, providing an additional level of security and control Cloud Malware Detection - Information exchanges including external and internal user uploaded attachments are screened in real-time for virus, malware and other embedded threats Activity Monitoring - Security dashboards report on activities to monitor out of compliance users IT Specialist: One thing that strikes me about CipherCloud's approach to Cloud security is that you seem to have a strong focus on securing data - for example through encryption or Data Loss Prevention strategies - before it reaches the Cloud, or essentially while data is still within the enterprise's own network. Is this just the most natural way to approach Cloud security, or does it represent a particular strategy CipherCloud decided to use? Paige: We think our approach is the best way to protect data in the cloud because it offers enterprises the ability to preserve the usability and functionality of their cloud applications. Our software encrypts data before it ever leaves the companies network, with negligible impact to the cloud application performance. The net effect is that users have a seamless interface and experience with the cloud application - but with the robust security of CipherCloud. IT Specialist: Speaking of encryption, I see you actually offer military grade, AES encryption schemes, as well as software-based cryptographic key management based on a standard called NIST SP 800-21. Can you explain what cryptographic key management actually is, and why this would allow an enterprise IT specialist sleep better at night? Paige: We use AES-256 bit encryption, which is the most advanced known protocol for encryption. It's the standard that governments around the world use to encrypt their sensitive information. We also give the encryption and decryption keys to the enterprise. As we covered earlier, when an enterprise retains the keys, they have more control over their data, resulting in tighter security and better compliance. AES encryption has been certified by NIST under FIPS 197 and CipherCloud is in the final certification process for FIPS 140-2. The AES standard has been publicly published and extensively reviewed and tested by many independent organizations. In addition, CipherCloud's implementation has gone through rigorous testing, code review and validation by dozens of major enterprise customers including the world's largest banks. IT Specialist: Does CipherCloud's technology offer security for any Cloud-based application or product, or is there a particular group of Cloud products you focus on? For example, does securing a product such as Microsoft 365 present different challenges than, say, a Cloud product from Google or even from a specific SaaS vendor such as Salesforce? Paige: We offer out-of-the-box cloud information protection software for popular enterprise applications such as Salesforce, Gmail, Office 365, AWS and Box. Additionally, our Connect AnyApp framework can provide this same level of cloud information protection to any cloud application, including home-grown mash-ups. IT Specialist: Turning our attention now to your customer base, are there any vertical markets from where you see a particular focus on Cloud security? For example, it seems like Government might be one. I would also have to imagine that certain industries which are subject to particularly strong security compliance and privacy standards regulations - Healthcare? Finance? - also would need to be extraordinarily cautious about ensuring their Cloud security - is this accurate? Paige: Government, finance and healthcare do represent some of our existing customers. Insurance, retail and hi-tech are also among our verticals. Essentially, we're a good fit for any organization that is handling sensitive data in the cloud and needs to overcome data privacy, security, residency and regulatory compliance risks. IT Specialist: How has the overall reception to CipherCloud been in the enterprise market, and can you give us a sense of the total size of your customer base? Are there any particular customers that you are able to highlight and share with us? Paige: With a product that is just over two years old, we have grown extremely rapidly. We now have more than 1.2 million users in North America, South America, Europe, and Asia in over 10 industries including banking, insurance healthcare, government, high tech etc. Our customers include the largest banks and investment houses in the world. In the aftermath of the NSA PRISM revelations, we received a spike interest from prospects around the world as the threat of cloud surveillance by governments raised concerns for increase data protection and the need for companies to protect their data from third parties, whether a government agency collecting records or a malicious hacker looking to steal IP and personal information. Our customers include the largest banks in the world who use us for mortgage, personal and investment banking. In fact, Mitsubishi just announced that they are using CipherCloud for Salesforce. IT Specialist: From a corporate perspective, has CipherCloud raised any capital to date, and if yes, who are your core investors? Paige: Andreessen Horowitz invested $30 million in December of 2012. Our other investors include Index Ventures and T-Venture. IT Specialist: Finally, Who do you primarily interact with in the enterprise, I assume you work closely with IT departments and enterprise IT specialists? For prospective customers who may want to work with you or trial your products, what is the best way for them to interface with CipherCloud to start the discussion process? Paige: We interact with line-of-business executives whose budget pays for the deployment of existing and new cloud applications within a company, IT security specialists who validate the capabilities of our offering, IT architects who determine how our solution will fit into their company's infrastructure etc. The best way for prospects to reach us is to drop us a note firstname.lastname@example.org,as well as join us at any of the upcoming public events we will be attending. IT Specialist: Finally, turning to the future, is there any upcoming news or new product releases you might like to highlight? Paige: Stay tuned for launch of a number of new offerings this Fall, focused on extending our out-of-the box support for more popular cloud applications as well as deepening our security controls to provide an even stronger level of protection to data stored in the cloud. IT Specialist: Thank you for joining us today Paige, and best of luck going forward. Cloudability Allows IT Departments To Track and Manage Their Cloud Costs (and AWS Loves Them) The single biggest single trend within enterprise IT the last few years has been the move to the Cloud. Enterprises from the Fortune 500 to SMEs are increasingly moving their applications - if not their entire businesses - to the cloud. What many IT departments may be missing, however, are two main considerations. First, how can IT departments track and manage their cloud costs? Second, and perhaps even more importantly, what is the connection between and enterprise's cloud costs and the ROI on their cloud investments. One interesting startup that assists IT departments with both of these considerations is Cloudability. Today, we are joined by Cloudability's CEO Mat Ellis. IT Specialist: Thank you for taking the time to answer some questions Mat. To start with, can you provide some brief background on Cloudability? Mat: We began as a simple email update for a couple of my friends who had their businesses on the cloud. One day, the system I used to send the email broke. And the urgent calls from executives that the list had been forwarded to — execs who relied on it to see how much they were spending on the cloud — started to pour in. That’s when I knew there was a need for a service like Cloudability. That simple email turned into what is today the market leader in cloud spend analytics. An email that has grown into a company with a team of 25 world serving more than 8,000 customers in over a hundred countries around the globe. And those customers have spent over $700 million on the cloud since we began. IT Specialist: At a high level, can you provide Cloudability's perspective on the overall state of the Cloud computing marketplace today? It seems like Amazon are the big boys on the block, but Microsoft and Google are clearly looking to take share as well? Mat: I’m sure everyone’s looking to take a bite out of Amazon, but the reality is that, today, they are simply tributaries in the larger flow of cloud revenue dominated by AWS. Will that change some day in the future? Sure. IBM’s moves with Softlayer seem to be paying off, though there’s debate about how much of that business is directly cloud. Microsoft appears to be making a strong go of it with Azure. Google’s product is, as you expect, very well engineered but they will need to demonstrate their commitment to this end of the market before they will be seen as a serious alternative to AWS. So, yes, I think we’ll start to see competition heat up sometime over the course of 2014. But, for now, the market remains strong for cloud services and Amazon will be in the driver’s seat for the foreseeable future. IT Specialist: As Cloudability focuses on containing Cloud costs, I was wondering what your perspective is on how much – if at all – enterprise IT departments can save by moving to the Cloud? Will a move to the Cloud automatically save money for IT, or is this something that is not guaranteed? Mat: Everyone seems to think that the cloud is about saving money. On many levels, I’m sure that’s true. However, in our experience, we’ve actually seen the opposite. When managed correctly, companies tend to spend *more* on the cloud. Having confidence that you’re getting a good return on your spending, and then using that insight to budget more strategically leads to doing more with the resources already in place. Often, that means more cloud in preference to more data centers and techops staff. At a fundamental level, the cloud has gone from “It’s coming. Are you ready?” to “It’s here. Are you on board?” And while there’s still some discussion to be had about things like maximizing security in some applications or uptime and performance in others, the conversation is now less about whether or not you should use the cloud and more about how to ‘do’ the cloud in your organization. IT Specialist: Turning now to Cloudability, it seems like you offer a simple but compelling value proposition to enterprise IT specialists – ‘we save you money on your Cloud costs’ – is that a fair summary? Mat: Our value actually goes a lot deeper than cost savings. Typical first month savings are about 20% to 25% of spend. Customers may initially come to us for that reason or to just to get their costs under control, but they soon discover that our platform gives them a lot more than that. When they realize they can now track costs at very granular levels across their entire IT supply chain, well, that’s a strategy shifter. With Cloudability companies are able to connect every dollar of cloud spend with something that drives sales or delivers on their strategy, right down to individual products and divisions. IT Specialist: Turning now to Cloudability’s technology can you provide a bit of a behind the scenes overview on how your solution works? As I gather, it is quite granular and tracks all Cloud spending on a daily basis – is it an API or another method that enables you to pull all of this data together? How does Cloudability handle security, which I would imagine many of your customers have concerns about? Mat: Our product is provided as an easy-to-use SaaS product. Cloud is as cloud does :) Adding cloud vendors to an account is as easy as going to our site, selecting the vendor you want to add to our system, and then entering a few values to give us access to your account — which is something we do differently than others in the industry, and which allows us to provide better, faster and more comprehensive access to your spend and usage data. Once the access credentials are verified, it’s off to the races monitoring and measuring your cloud costs. From there, the platform let’s you find stuff like cloud resources you’re paying for but not using, track your spending and usage, get a sense of trends over time, view spending broken down by things like product, feature, division, team, etc., and get recommendations on large purchases like AWS Reserved Instances. Regarding security, we have put an enormous amount of time and energy into robust security practices. Data is encrypted at every step of the way; we never receive or transmit unencrypted account information. We first encrypt it in the browser then re-encrypt with an even more secure algorithm once it reaches our servers. Only a specialized set of hardened servers — something we call “strongboxes” — are able to read the encrypted blobs. The strongboxes accept no incoming connections of any kind so their instances must be killed and manually re-deployed using strict security procedures when any changes to code need to be deployed. Staff members do not have the ability to decrypt encrypted account data, and we use extensive best practices to keep our customers’ sensitive information secure. We built in this security because originally we needed your master user ID and password to get at the data. Those days are long gone now, but customers love this level of security and so we’ve continued to spend a lot of time focused in this area. IT Specialist: From the perspective of IT professionals – who constitute our primary readership – how easy is it for them to use and operate Cloudability’s solution? More specifically, what type of specific outputs – such as graphs, charts, e-mail updates etc. – will IT specialists actually receive that will allow them to track their organization’s cloud spending? Mat: It’s incredibly easy. We’ve always felt very strongly that design and interaction of a product is as important as the code it’s built on. Remember, the product started out as something that got passed along from engineering to executives, to keep them happy you weren’t over-spending. There’s a wide variation in how different people get to see the reports we generate. So, from the start, making Cloudability easy to spin up, use and share was an important part of our product design. That focus on design allows IT professionals to give their finance and management teams the visibility they need in a format they can make sense of, without having to constantly chase manually generated reports. Cloudability allows you to track daily changes in spending, with budget alerts when accounts are predicted to exceed limits, spending breakdowns to see which services and accounts are costing the most and daily email reports delivered right to their inbox. You can even optimize when they see the impact that a design decision has on the cost of a product by creating a “cost by product” Cost Allocation Report. We hear regularly from our customers that providing insight into these costs promotes engineer efficiency, by saving time (from constant enquiries and data gathering) and by reducing waste (by easily spotting redundant services and accidental over-spending). IT Specialist: As I gather, Cloudability has developed a close relationship with Amazon Web Services – can you provide some background on how that relationship developed and what are the benefits to AWS customers from your Amazon partnership, i.e. what specifically about their AWS service will they be able to track? Mat: To be completely honest, when we started the business we weren’t sure how vendors like AWS would receive our product. So we built it to be very resilient, in case they tried to shut us down. But it turns out that all the best services understand that unless customers get great value and know it, they will go elsewhere. Maybe this particular system is stuck on that particular cloud, but the next 50 projects will go elsewhere. From the beginning, AWS gave us a lot of support (and a ton of service credits) and access to the team that built their billing systems. Thanks to this, we were able to eliminate the security risks (that you had to give us your master user ID and password) and greatly increase the quality of the data we receive from them. For example, we know get over 7,000 times more data for the same customer spending the same amount than we did two years ago. The fruits of this relationship has allowed us to greatly improve the amount of detail in our reports, improve our estimates of future spending, give you much better insight into trends (thanks to tags and hourly resolution), and most recently, for us to build what we think is the best Reserved Instance Planner tool out there today. The whole issue with calculating Reserved Instances is that you have to know how often you're using your RIs and how much of them you’re using. Cloudability gives customers a three month histogram that tells you what percentage you’ve been using your RIs by hour. It’s a really clear, simple representation of your usage — a green line or a red line that tells you whether you need to buy more RIs. It doesn’t get more straightforward than that. And it would be impossible without hourly resolution data from AWS. It’s worth mentioning that the work we’ve done with AWS has set the standard for the cloud industry, and other large vendors are now working with us to get the same features for their customers. So even if you don’t use AWS or plan to move, you can thank them for helping to set expectations that if you want to play at scale you have to provide enough data to ensure you’re getting good value for money. IT Specialist: Is your solution limited to AWS, or can customers of other Cloud providers benefit from Cloudability’s technology as well? In addition, are you focused on IaaS, or do you work across the continuum with PaaS and SaaS as well? Mat: Cloudability is a service for companies that are making heavy use of the cloud, which today normally means things like infrastructure and Amazon Web Services, but we see as meaning any highly variable IT costs. We currently support AWS, Rackspace, Heroku, NewRelic, IBM/SoftLayer, Akamai, HP Cloud and a few other services. We’re committed to supporting whatever services are being used at scale in the industry, and our platform is ‘open’, i.e. it’s easy to interface with us, so expect a lot more integrations over the next year or two. Let’s just say that if you need to measure your cloud spending, we cover your *aas ;) IT Specialist: Can you provide an overview of Cloudability’s products? For example, do you have a single offering or is there a kind of tiered structure? Mat: We have three tiers: Free, Pro and Enterprise. Free is exactly what you’d think, and more. Track to your heart’s content and get a taste for the power of what we do. No credit card needed. We hope the Free version will help you quickly see the value of cloud cost analytics and graduate to the Pro edition, giving you much finer detailed usage and cost reports, plus access to things like tag based reporting and the RI planner. If you are using the cloud across more than one or two teams, our Enterprise level helps you herd the cats, manage things like consolidated billing (and access to those awesome tier discounts) and showback/chargeback reporting. IT Specialist: What type of reception has Cloudability received in the enterprise market to date, and are there any customers and/or case studies you might want to highlight? Mat: Until last year most of our users were technology companies: you know, software, mobile, gaming, web scale apps and media companies. Over the past year we’re seeing more and more of everyone else, especially public companies. And they’re coming on the cloud in a really different way. The technology companies, they really get the whole technology vision of the cloud, so spending can get a little bit out of control and they need to get the genie back in the bottle, so to speak. Public companies, on the other hand, say things like “we’re not even looking at this cloud thing until we know we have it under control.” And so they’re taking a completely different approach, top down, almost like they are deploying cloud like an application. And they’re very happy to see that they can actually get some control and insight with our service. We work with a number of large companies, but one of the most visible uses of our platform was by the Obama For America team, who used our technology to stay ahead of their cloud spending during the last U.S. presidential election. You can hear the OFA team talk about it here: http://blog.cloudability.com/obamas-team-rock-stars-of-aws-reinvent/ IT Specialist: Turning now to Cloudability at the corporate level, have you raised any capital to date, and who are your primary investors? Mat: Our $8.7M in funding comes from the who’s who of the venture capital industry: Foundry Group, Techstars, Trinity Ventures, 500 Startups and a consortium of angel investors. IT Specialist: On a company level, I read that Cloudability actually was listed recently as one of the Top 15 startups in the US to work for – what do you think enabled you to make that list in terms of your team or culture, and why might IT professionals and software engineers want to work for Cloudability? Mat: We’re mostly based in Portland, Oregon, with about 20% of our staff working remotely. The Portland startup environment is like nothing I’ve ever seen before. (I spent most the 2000’s working for startups in the Bay Area.) The region’s core values are about teamwork, humility and connectedness, which is why my co-founders and I decided to start up here instead of the Bay. Personally, I prefer this kind of working environment. You know, when great ideas flow but nobody’s really sure who came up with the original thought? Our team is very close: we hold company off-sites twice a year, and you don’t have to have a reason to fly here for a few days or a few weeks if you are a remote worker, we’re just glad to see you in the office for a bit. We also have a lot of kids between us, and that makes for fun family events outside of work, as well as a place where children-driven randomness is accepted as an inevitable fact of life. Our vision is also a big driver of what it’s like to work here. We think the cloud is going to have some very profound impact on the planet, as it makes hugely scalable and reliable infrastructure available to everyone, and on the best economic terms. Once you believe this to be true you get a strong urge to share it with as many people as possible, and as quickly as possible. So, when we looked at the problem of cloud adoption, we saw that one of the big headwinds slowing it wasn’t really the maturity of the technology (you could already do lots even a few years ago), but something much more basic: quite simply, fear. I mean, if you think cloud is hard or impossible to control, why on earth would you inflict it on your organization? That would be a bit crazy. By helping folks understand what they are doing with vendors like AWS, Microsoft and Google, we are reducing that fear, and increasing confidence, which in turn is accelerating the spread of this amazing invention called the cloud. Something we’re very proud to be playing a part in. And we think faster cloud adoption is a very good thing for humanity: less damage to the environment, more efficient use of all the millions of computers installed around the globe, coders spending more time on data and algorithms, and all the marvelous inventions that come with that. Plus the tremendous value it will create as compute becomes ever more pervasive in our daily lives. Some of the things we see the cloud enabling doing are pretty cool. 10 years ago it would be hard to imagine having Netflix on an iPad Air running in over 50 countries, but even that pales in comparison to things like consumer DNA testing or DNA driven custom medication programs, both things that are only economical when you don’t have to own all the computers necessary to do the heavy lifting required. I think our team feels the same way, and the result is a close knit and highly motivated team who get a lot done while growing and having fun at the same time. And don’t forget also, helping to change the way the world does compute. Our staff enjoy all the benefits you’d expect from a fast-growing company to offer: a competitive salary in an area with very low cost of living compared to the cloud; generous stock options (over half our stock is owned by current employees); 100% paid health care for employees and their families; no formal vacation policy (take what you need when you need it); free parking and gym membership; and company events that include regular happy hours, off-site retreats and sponsored participation in local events. But let us not forget the people. Everything we do comes down to them, and we’re very proud of the amazing family we’ve created here at Cloudability. IT Specialist: Finally, for IT specialists who might want to consider working with Cloudability, what is the best way for them to contact or interface with you? Mat: They can visit our jobs page or contact me directly. If you’re based locally we hold an open office ‘happy hour’ every month, check out our twitter feed for details. IT Specialist: Thank you for joining us today Mat, and best of luck going forward. DC Startup Divvycloud Makes Managing The Cloud Easy As enterprises large a small continue to grow, IT departments are faced with new challenges. How can they manage their clouds? Are they making maximum use of their cloud's capabilities? How can they leverage their cloud deployments to reduce costs? These are critical issues for IT to answer, as the entire point of moving to the cloud is to make managing a company's IT infrastructure more easily and at lower costs. Luckily, for IT specialists who are trying to figure out the asnwers to these questions, Washington, DC-based startup Divvycloud has some answers for them. A graduate from B2B-focused accelerator Accelerprise's program, Divvycloud has already raised two rounds of funding and is quickly achieving traction in the market. Joining us today is one of Divvycloud's founders Brian Johnson. IT Specialist: Thank you for taking the time to answer some questions. To start with, can you provide some brief background on who the founders of Divvycloud are and what are your backgrounds? Brian: The two founders are myself and my colleague Chris DeRamus. Both Chris and I come from the large gaming company Electronic Arts. At EA, we ran the operations for their large multi-player games online. We managed several data centers, thousands of severs and a large engineering team. Many of these games had hundreds of thousands are even millions of players all playing at one time, so it was a huge operational IT challenge. IT Specialist: What was your team’s inspiration for founding Divvycloud? Brian: When the cloud first began to pique IT departments’ interest with the advent of Amazon, Chris and I looked for ways to leverage the cloud at EA. We concluded that by moving our legacy products to the cloud, we could save money and improve performance. We gained a huge amount of experience doing this, but we did discover some downsides of using the Amazon cloud. First, it would go down at least a couple of times a year, costing EA hundreds and thousands of dollars. We also, interestingly enough, discovered that the cost savings were not what we anticipated. The virtualized power of the Amazon cloud was not as much as our data centers, and hence we frequently needed to spin up way more server power on the Amazon cloud than. Finally, cybersecurity was a constant concern, as we were always concerned we would wake up one morning and that EA would have suffered a massive compromise. With that background, we began to think about how to create a solution for enterprise IT departments that would help them manage and control all of their various cloud services from a single, easy to use interface. The idea was to provide IT departments with comprehensive visibility across their cloud computing servers – including the ability to see potential breaches in real time – as well as to track costs and usage so that IT departments would get the maximum cost-effectiveness from their cloud services. IT Specialist: What is your current view of the global cloud market, and what problems was Divvycloud created to help solve? Brian: One of the major trends we are seeing is the increasing use of hybrid cloud architectures, where IT departments employ both public and private clouds. As part of this trend, we are also seeing companies start to use multiple cloud vendors across their enterprise. Finally, as many larger enterprises move to the cloud, they are managing cloud deployments across multiple regions and time zones. As I understand you focus on multi-cloud management – can you explain what this means? Also, is it a real trend within the enterprise that IT departments are managing multiple clouds? IT Specialist: It looks like you allow for three main functions, cloud management; cloud tracking; cloud auditing. Can you explain in practice what each of these three things mean? Brian: Absolutely. Let me go over each of these in turn: Cloud Management: Divvycloud’s solution provides a single point of contact to manage all of IT’s cloud resources. As I noted above, enterprises today may be running multiple cloud products from multiple cloud vendors. Each of these different vendors have their own management platform, and maintaining control and visibility of all cloud services across the enterprise is difficult since they each have separate management tool sets. DivvyCloud provides complete configuration management capabilities across multiple cloud platforms and hypervisors, all from a single easy to use tool. This single point of control means IT now can have a comprehensive view of change and visibility across their entire enterprise. Cloud Tracking: The cloud tracking function allows you to closely watch how you’re spending your money. The cloud has endless availability, and unlike with on-prem data centers, there are no limits to how large you can scale. Our cloud tracking capability allows you to get key intelligence into your spending across all your different cloud accounts and instantly see how those hourly charges impact your yearly spending. We also have a really neat function called “Cost Simulation”. Our solutions allows IT professionals to simulate different cloud services and functions, for example how scaling up or down affects your operational spending. Rather than trialing different services and then deciding, this cloud simulation function allows you to understand in advance the affect of potential scaling up or down. For example, say you want to convert your AWS systems to reserved instances? Our Cost Simulation function can show you how much you’d save. And likewise, what the additional costs would be to scale up additional servers. Cloud Security: I think just about every IT pro I’ve spoken with has this nightmare where they wake up and discover there cloud service has been breached. I know this was my great fear when I first started moving to the Amazon cloud when I was with EA. From the perspective of the IT department, one of the risks as your enterprise adopts the cloud is so-called “shadow IT.” The easy availability of cloud services is a wonderful thing, but now anyone in your company with a credit card can spin up their own Amazon cloud service. How do manage this? DivvyCloud provides role-based access control (RBAC) across multiple cloud management platforms from a single tool and interface. DivvyCloud enables administrators and managers to gain visibility and accountability of changes across their enterprise, and our solution allows IT cloud managers to see unusual activity that might indicate a breach has occurred. IT Specialist: What are the different types of cloud computing vendors you support – I assume Amazon of course but could you list the others? Brian: Sure, let me outline these: For public clouds we support Amazon Web Services (EC2/VPC) and Rackspace Next Generation CloudServers. For private clouds we support OpenStack and Eucalyptus. We are also actively working on providing compatibility with other public/private cloud vendors and should have additional support in the near future. IT Specialist: Turning to your interface, how does it compare to the cloud vendors themselves, for example, Amazon’s? We focus on making our interface fun and easy to work with. The Amazon interface might be fine when you have 100 servers, but what happens when you grow to several hundred or even thousands, especially if they are spread out across multiple regions and accounts? Then things can get dicey. For example, you obviously have to switch between interfaces if you manage multiple vendors, or even when you switch between geographic region with the same vendor. DivvyCloud solves this pain point for enterprise IT specialists by allowing everything to be controlled from a single interface. And if you talk to our customers, you’ll hear that the DivvyCloud tool is much easier to use than Amazon’s interface. IT Specialist: Since our core audience are enterprise IT specialists, what would you sum up as the value proposition of Divvycloud to them? Brian: We simplify the lives of enterprise IT professionals by allowing them to manage all of their cloud services across multiple vendors from a single interface. This helps companies control costs and take back control of their clouds for a better security posture. IT Specialist: Turning now to Divvycloud at the corporate level, how has the response in the market been to yur technology? Brian: On the whole it’s been excellent. We’ve got a number of customers using our technology. One I am free to mention is my old company Electronic Arts. IT Specialist: Finally, for customers who may be interested in working with Divvycloud and/or learning more and/or want to do a trial within their organization, what is the best way to interface with you? Brian: We are happy to answer any and all questions. For customers who want to trial DivvyCloud’s technology, they can go to our site and download our solution. IT Specialist: Thank you for taking the time to be with us today Brian, and best of luck going forward. Google Moves Aggressively Into Enterprise IT With Comprehensive Cloud and Big Data Solutions As any IT professional knows, the world of enterprise IT is undergoing a whole series of changes. From Big Data requirements, to BYOD to Cloud computing, IT managers are facing a number of new issues within their enterprise. IT Specialist remains committed to bringing high quality information and different perspectives to IT managers and developers, and in this regard, we wanted to highlight one company that is now competing aggressively against the traditional IT vendors in the enterprise market. While many of us probably associate Google with their search platform and other consumer services, they actually have developed a complete suite of enterprise products, including a Cloud computing offering that provides a comprehensive suite of products for enterprise IT departments, including a fully integrated Cloud and Big Data offering. In that context, I am pleased to introduce Brian Goldfarb from Google. Brian is the Lead Marketing Director for Google's enterprise Cloud division, and he has kindly agreed to answer some of our questions today. IT Specialist: Brian, thank you for taking the time to answer some of our questions. To start with, could you provide a short overview of your role within Google's Cloud organization? Brian: Thanks for having me. I am responsible for making sure that developers and IT professionals around the world know about Google Cloud Platform and what they can do with it. Gartner recently estimated that just 1% of IT infrastructure has moved into the cloud, so this is early days for our industry. What my team works on is making sure that people are aware that Google has a great cloud offering and that we continue to communicate the potential that cloud computing offers to a wide variety of users - whether you’re a start-up, a systems integrator, a mobile app developer, or managing the IT architecture for a large company. At the same time we are constantly collecting feedback from customers and the market and helping direct our product engineers to deliver what customers need and want. IT Specialist: One thing I have learned Brian is how comprehensive Google's suite of products for the enterprise has become, especially in the Cloud space. Can you provide a brief list of all of your Cloud products? I myself see Google Compute Engine, which I gather would be your IaaS offering; Google Cloud SQL; Google BigQuery, your Big Data in Cloud BI tool; Google Prediction API, your Machine Learning tool; Google App Engine for Developers to build applications in the Cloud. Have I enumerated all of them correctly or have I missed any? Brian: We provide a complete collection of services that developers and IT professionals can use for building software in the cloud with a focus on compute, storage, analytics, and app services. Uniquely, PaaS and IaaS are the foundations of our offering, and we have a comprehensive Platform-as-a-Service offering with Google App Engine. Google Compute Engine is our Infrastructure-as-a-Service offering providing linux virtual machines with industry leading performance and consistency. Supporting these compute offerings we have a variety of storage offerings like object and file with Google Cloud Storage and our Persistent Disks. In addition we provide both a fully managed MySQL service with Google Cloud SQL as well as one of the most powerful NoSQL solutions in the market with Google Cloud Datastore - built on an implementation that does over 4.5 trillion transactions per month with 99.95% uptime. Google BigQuery is a robust big data analytics and querying solution making it simple to process terrabytes of data in seconds. And lastly, we have a complete set of App Services like Google Prediction API, Google Translate API, and Google Cloud Endpoints, which provides a simple way to turn any code into RESTful APIs that can be used by a variety of web and mobile application platforms like iOS, Android, and Chrome. Each of these products takes advantage of the same infrastructure and network that we use internally within Google to power Search, YouTube, and other web-applications used by people around the world every day. Fundamentally, our goal is to provide developers with a comprehensive solution that spans beyond traditional IaaS and PaaS distinctions and enables developers and IT Professionals to solve their technical challenges using a variety of flexible architectures that best suits their needs. IT Specialist: Just to bring us all up to speed, do you mind providing a brief description of each one of these products and how they benefit enterprises? Brian: Let me provide an overview of each one of our products: Google Compute Engine lets users run customizable virtual machines hosted on Google’s data centers. This is great for running large-scale computing workloads while having the flexibility to customize the machines to a greater degree than would be possible with a PaaS offering, like Google App Engine. Google Compute Engine lets you deploy a virtual machine quickly and run just about anything with extremely consistent performance and ultra-fast networks. Google App Engine is a development platform that allows you to focus on building web applications without needing to worry about any of the underlying infrastructure. All you have to do is build your application, and we take care of the rest. This is great because it means that you can focus on your code, while Google automatically scales applications across multiple servers to meet variable demand. We’re currently supporting Java, Python, Go, and PHP. Google Cloud Storage is our cloud object storage offering. It offers a simple, programming interface for you to upload or retrieve as much data as you need at any time from anywhere in the world. It is scalable, quick, and offers strong read-after-write consistency. Google Cloud Datastore provides a schemeless, non-relational datastore with built-in query support, ACID transactions, automatic scaling, high availability and already supports over 4.5 trillion transactions per month with 99.95% uptime. Google Cloud SQL is a web service that allows you to create and maintain relational databases in Google’s cloud based on MySQL. Once again, this is a fully-managed service, so you just have to focus on your applications and services and leave the maintenance and administration of the database to us. Google BigQuery allows you to run super-fast, SQL-like queries on data that you have moved into Google BigQuery or that is held in Google Cloud Storage. This is a great example of how we are exposing Google’s internal tools to developers through Google Cloud Platform. 15 years ago, when Google started trying to optimize search across the entire Internet, we needed to find better ways to query massive data sets. As we have continued to iterate on this same basic problem, we have developed sophisticated and fast tools to run queries. Now, with Google BigQuery, we are helping make great analytics technology available to the general public. Google Prediction API is another example of an internal tool that is now available to developers everywhere. The Prediction API allows you to use Google’s pattern-matching and machine-learning capabilities for a broad set of applications and use cases. This can be used to by a retailer to optimize product recommendations, fight spam, develop sales forecasts, or a whole host of other uses. IT Specialist: Brian, one thing that I found interesting is that you have integrated your Big Data products in your overall Cloud offering. I mention this because from the perspective of how their solutions are positioned to the enterprise market, some of your competitors actually list their Big Data and Cloud offering as separate products. By contrast is it fair to say that Google is positioning it's Cloud and Big Data products as closely linked? Brian: Exactly. One of the things we are trying to do with Google Cloud Platform is break down the traditional industry distinctions between IaaS, PaaS, Analytics, Storage, and everything else. All we care about is creating a great developer and IT experience that allows people to easily do what they want to do for whatever their situation might be. For people who are just looking for a big data offering, we have that. But for people who want to move more services to the cloud to take advantage of our speed and scalability, we want to make that process as easy as possible. And, most importantly, we want all of our services to work great together. IT Specialist: There are, of course, quite a number of vendors large and small offering Cloud solutions to enterprises. How does Google see it's Google Cloud Platform differentiating itself versus competitors. To take an example, if a CIO and his team are evaluating Amazon's AWS, Rackspace and Google Cloud, what would be the takeaway you would want enterprise IT professionals to understand about how the Google Cloud Platform stands out? Brian: Each of the companies that you mentioned have really great cloud computing offerings. What people get when they come to Google is the ability to use and leverage leading computer science advances that have their origins in Google itself. The engineers who work on Google Cloud Platform take these great tools that we have developed to handle Google-scale work and make them available to you. And, as we make advances in computer science, we turn these over to users, so anyone who is using App Engine or BigQuery or anything else within the Cloud Platform suite is going to see new functionality rolling out on a constant basis well before the rest of the industry adopts new technologies based on the papers we regularly release. We believe our investments in world leading infrastructure, fast networking, developer tooling, hardware design and software technology will create an integrated offering that will outperform and out innovate the market and give developers and IT Professionals everywhere access to build on Google. IT Specialist: There has been quite a lot of commentary in the technology world regarding "Cloud price wars" in the IaaS space. Do you agree with this perspective, and does this mean that the Cloud IaaS market is becoming commoditized? If this is true (and maybe it's not) how does the Google respond to this - I would guess you would focus on selling your complete suite of Cloud products enterprises can build on top of your IaaS Google Compute Engine? Brian: There is no doubt that the innovations and economies of scale delivered by public cloud providers like Google enable very competitive pricing. And, over time, as more and more workloads move to the cloud, prices will continue to fall - both because of more diversity and better utilization but also because advances in technology will reduce operating costs and those savings can be passed back to users. Getting great performance and value at a competitive price is critical. But it’s only part of the story. The raw computing infrastructure itself is just one part of our broader ecosystem of offerings. It’s when you combine that with our platform offering, App Engine, or a whole host of cutting-edge APIs that Google Cloud Platform really stands out. IT Specialist: Turning to the future, how do you see Cloud technology evolving, and more specifically, what are the issues and challenges IT managers can expect to face vis-a-vis this evolution? Brian: As I mentioned at the beginning of this interview, we are in the very early days of cloud computing. It’s estimated that just 1% of IT infrastructure has moved to the cloud at this point. But the case for migration for so many uses is going to become much more compelling. And, as cloud ecosystems become more robust, it will be easier to build exactly what you need. That’s the exciting evolution that is going to take place. Right now, you can use sophisticated tools like BigQuery or Prediction API or Cloud Endpoints with relatively little start-up cost or time. As we continue to build out new tools, the number of great applications is only going to increase. The biggest challenge? Being able to adapt quickly to the changing technology landscape and making sure your business is ready. Google Cloud Platform is here to help with that. IT Specialist: Brian, has Google acquired - or are you looking at acquiring - any technology companies that offer a particular enterprise technology that you might want to integrate into the Google Cloud Platform? I say this with the full caveat that I am sure you would not want to publicly comment on any future acquisition plans! Brian: Well you know I can’t say what’s on the horizon for us! But rest assured, we are constantly asking ourselves “What’s next?” We always look to innovations inside Google that we can externalize as well as amazing ideas and talent in the industry that we can acquire, integrate, and improve upon for our users. Pushing the boundaries of what cloud can do is where we start every day, and there are many ways we will push the envelope even further. IT Specialist: Finally, are there any additional points that you would like to highlight about the Cloud market and the Google Cloud Platform specifically? I think that that we’ve covered a lot of the highlights. I would encourage anyone who is interested to give Cloud Platform a try. You can get a simple application up and running really quickly and if you have any feedback, let us know. In fact, to help you get started, anyone reading this can have $2000 in credits to use on Google Cloud Platform on me. Redeem it atcloud.google.com/starterpack with code itsi-pub. IT Specialist: Thank you for your time Brian, and we certainly look forward to future updates from you. Designing an Efficient Hybrid Cloud for Your Enterprise http://commons.wikimedia.org/wiki/File:EgnyteHybridCloudSolution.jpg A hybrid cloud is an integration of at least one private cloud and at least one public cloud, creating a cloud computing environment wherein some resources are supplied externally while others are provided and managed in-house. Putting everything on a public cloud has advantages, but it is not always applicable to all organizations or business operations. For example, it is inadvisable for organizations that require data sovreignity and control over hardware. The hybrid cloud addresses the shortcomings of public and private clouds, while tapping on their strengths. Before discussing in detail the benefits of a hybrid cloud, however, it’s worth looking at the points that make a purely private and a purely public cloud advantageous. Can a hybrid cloud really provide considerable advantages? Or is it enough to simply stick with either private or public cloud? Advantages of a Purely Private Cloud Private clouds offer the following three main benefits: greater data security, more predictable availability, and full control. Since a private cloud is completely run by the organization, on its own servers, important data are secured the way the organization wants them to secured. This may not always be the case in the real world, but in theory, a private cloud can be more properly secured by an internal IT staff that has a greater understanding of the network’s operation, activity, and the threats expected. Predictable availability is also an advantage for private clouds. The servers are under the control and supervision of internal IT staff so if there are problems, they are promptly detected and (supposedly) promptly fixed. Additionally, private clouds guarantee full control over everything. The organization has full control over policies, configurations, security mechanisms, or the assignment of workload across servers. There are no limitations except for the capacity of the hardware deployed. Resources can be fully used, or some can be temporarily put on standby depending on needs. Resources may even become revenue generators if an organization decides to sell server services to third parties. Advantages of a Purely Public Cloud Public cloud, on the other hand, also offers important advantages. The most noteworthy of which are the lower cost, the reduced reliance on an internal IT department, and scalability. The overall cost of using public cloud over having a private one is considerably lower. This is because an organization, in choosing public cloud, no longer needs to purchase the needed hardware and software, pay for the power to run the hardware and the space needed for them, and spend for the training and salaries of the IT staff. It is also advantageous not having to rely on an internal IT department. Money is needed to hire IT personnel and to keep them updated with the latest in cloud technology. Public cloud service providers are experts and well-updated in their field, so there’s no need to worry about spending for the updates and hardware upgrades. Scalability is also a major benefit in using public cloud. Public cloud service providers have a variety of packages to meet the varying needs of customers. When there’s a need a scale up, an organization will simply be charged according to usage, or one can upgrade to a bigger or higher package. When some scaling down becomes necessary, there will be no problems in disposing equipment or in taking back the value of the equipment that will be unused after scaling down. Benefits of a Hybrid Cloud Model Implementing a hybrid cloud is mainly done to secure mission-critical applications and information by keeping and managing these in-house while taking advantage of the cost-effectiveness and scalability of public cloud options. As mentioned, a hybrid cloud brings together the advantages of both private and public clouds, while remedying or compensating for the drawbacks. Basically, a hybrid cloud model can offer most of the positive points enumerated above. Is a Hybrid Cloud Model Necessary? Any Caveat? The big question: Is a hybrid model right for an organization? For organizations that are already satisfied with the advantages provided by either public or private cloud, it may no longer be necessary shifting to a hybrid setup. In particular, those that have already invested on the equipment to operate a purely private cloud system may no longer consider going hybrid unless there aren’t competent IT staff available to manage the private cloud network, or if a study would prove that running it privately will entail higher costs. Additionally, it’s worth noting that security compliance can become more complicated in a hybrid environment. This is because an organization will have to maintain security compliance for both private and public clouds, not just for one. There are also potential issues when it comes to network complexity and infrastructure dependency. While a hybrid cloud is meant to address the drawbacks of private and public clouds while taking advantage of the benefits they bring, it is not meant to serve as a one-size-fits-all solution. Suitability will still depend on the specific situation of an organization. Designing an Efficient Hybrid Cloud Intel has an excellent white paper on how a highly available, and dynamic hybrid cloud environment can be achieved. This paper offers a considerable amount of technical information, so it is certainly worth using as a reference. However, for those who are looking for quick pointers on designing an efficient hybrid cloud, there are a number of things that should taken into account. First, the workloads should be prudently assessed to properly determine the setup required. The desired IT architecture and app needs, for example, should be accurately evaluated. Tests will have to be undertaken. Geographic restrictions and possible issues in content delivery or network performance have to be factored in. Next, it is essential to be familiar with the different considerations in designing a hybrid cloud infrastructure. There are conceptual and physical design considerations involved. The conceptual design aspect has to take into account architectural principles and patterns as well as a reference model. The physical design, on the other hand, focuses on network and compute design considerations as well as management and support design considerations. It’s also important to anticipate potential issues and risks. There’s a need to ensure security compliance for both private and public clouds. The management of a hybrid cloud should guarantee the protection not just of the organization’s data but also the resources (hardware and software). Look for compliance and security guarantees comparable to that of the Microsoft Hybrid Cloud, including certifications such as ISO 207001, SSAE16 SOC, Cloud Security Alliance Cloud Controls Matrix, FedRAMP, and HIPPA. Additionally, latency and server load issues should be anticipated. In terms of anticipating latency and server load, there is actually an abundance of choice in the area of load balancing technologies. These help avoid overload and downtime by distributing incoming traffic across multiple servers, whilst ensuring business continuity through automated failover. Load balancers vary in shape, ranging from on-premise appliances to DNS-based services and cloud based PaaS solutions. Load balancers also differ in their capabilities, with distribution algorithms ranging from the simple round-robin to a more advanced data-driven options, enabled by layer 7 visibility – the later can take into account the current server loads, as well as packet content, to optimize load distribution. For those in need, this guide to choosing a load balancer can help in determining the best distribution method and deployment mode – depending on your needs and attributes of your core infrastructure. Still, generally speaking, for most intents and purposes a PaaS-based solution may be considered the most robust and scalable option, especially when compared the bare bone DNS-based approach. Moreover, think of the management tools needed when running the hybrid cloud environment. These management tools (example: Operations Manager) are the console or interface that enable the monitoring of workloads and apps across clouds. There should be a unified interface for managing the hybrid environment. There are no fixed formulas or methods in coming up with a hybrid cloud design that is efficient. Everything is still dependent on the specific circumstances and needs of an organization. The points mentioned here only serve as guides in coming up with an efficient design. That’s why it’s very important to carefully and objectively determine whether a hybrid environment can indeed be advantageous. Simply jumping on the hybrid cloud bandwagon does not guarantee success or efficient operation. It’s still important to create a plan or design that promotes efficiency. The Hybrid Cloud is an Integrated Cloud As the public cloud evolves to address more enterprise IT operating requirements it will have to evolve into being a strategic part of a hybrid cloud operating model. Enterprises will demand agility and control for the vast majority of their critical apps, and that is where the cloud opportunity is greatest. The ability to leverage the cloud when and where needed with minimal constraints and maximum control is perhaps the most disruptive IT capability to be unleashed since the dawn of the PC era. Treating the cloud as another fixed environment in an increasingly complex collection of stovepipe environments is the natural extension of “data center think”, but that perspective will become obsolete as clouds become integrated with data centers. Hence recent Gartner predictions about the key cloud driver shifting from cost to agility. Today, cloud migration and cloud integration are at the forefront of this new IT age, yet the tools and solutions are immature, offering varying degrees of the key steps (discovery, blueprinting, provisioning, synchronization and service initiation) required to deploy existing apps without modification into a hybrid cloud operating model. Some apps will no doubt have to be re-architected and other apps may reside in dedicated data centers for their operating life. Some may be delivered by SaaS models into dedicated data centers or various clouds. ð The key is thinking beyond the cloud as a fenced environment as noted in articles from Venturebeat - Hybrid Cloud: Two Competing Models - and Seeking Alpha Hybrid Cloud Market Will be Won in the Middle Ground. Using the Cloud for Disaster Recovery Requires Integration One of the most powerful use cases for the hybrid cloud will be leveraging the cloud for “pay as you go”cloud DR. Cloud-integrated disaster recovery has the potential to significantly enhance the business case for disaster recovery, especially for small and medium-sized enterprises (by reducing expenses and improving RPOs and RTOs) and for large enterprises (by allowing for an extra layer of protection over and beyond the duplicate infrastructures already under management). The basic promise of cloud-integrated disaster recovery is the ability to use the massive investments by Amazon, Microsoft, VMware, Google and OpenStack sponsors instead of having to purchase duplicate hardware and infrastructure for rare or occasional use during planned downtime or unplanned outages. Yet using the cloud for DR will require cloud migration and integration capabilities, versus treating the cloud like an additional stovepipe. With integration, testing, dry runs and aggressive RPOs and RTOs become economically viable for the vast majority of companies. The transition from the data center to the cloud becomes seamless. That makes the cloud transformative versus simply additive. Greg Ness is vice president of worldwide marketing at CloudVelocity, a leader in hybrid cloud software for the Global 2000. As a Future in Review (FiRe) conference panelist, he was among the first to point out network and security issues with virtualized IT infrastructures and then emerging cloud operating models, which led to the formation of the Infrastructure 2.0 Working Group with FiRe advisor Dan Lynch and a host of leaders in the networking industry. Greg's Archimedius blog is one of the world's most influential cloud computing blogs. He was recently named as a Power Player in Business Technology Media by Always On. He has spoken at Interop, Cisco Live, and Future in Review on topics related to virtualization, networking, and cloud computing. Greg has a BA from Reed College and an MA from the University of Texas at Austin.