GovCloud Network

A GovCloud Network Property

Tuesday, October 21, 2008

Cloud Package Management

In his post "Missing in the Cloud: package management", Dave Rosenberg highlights a critical issue in the adoption of cloud computing by government agencies.

"I dare say that a standard needs to be introduced--or at least a quasi-standard like we see for Linux with Yum, RPM and Synaptic (essentially flavors of the same ideal.)

Since Amazon doesn't currently offer this feature, I wonder what vendor will step in to fill this void. So far all the Cloud app guys have taken different approaches which will certainly introduce some additional complexity related to portability (which also needs to be standardized.)"


There was, in fact, quite a bit of feedback on this in the MIT Cloud Computing Survey.

Matthew Small from Rightscale agrees and puts it this way:

"It's a lot of work. Our ServerTemplate model has abstracted the configuration of the server from the base image that must be launched in the host. This provides for interoperability on public and private clouds. My assumption is that eventually there will be a standard "cloud computing unit" of measurement, but every host and vendor now has their own way of doing things and I don't expect that to stop."

"An IT architect at a large IT services company" had the following opinion on interoperability between cloud and enterprise systems:

"The handwriting is on the wall: the cloud will win. The economics are absurdly on the side of the cloud. But as enterprise architects mull things over, they'll want some backup or an alternative in the case one of their cloud providers goes down. If the payroll system is down on Tuesday, who cares? But if it's down on Friday, the enterprise will have a revolt on its hands. (And payroll has long been outsourced.) Right now no two cloud offerings are alike, so anyone indulging in the cloud is instantly locked into a vendor. For the cloud to truly create commodity computing, there must be standards. Standards that are coordinated and define various levels of service and what the interfaces look like (why can't they appear as services?) etc. This will be a hideously complex undertaking but the market will force it so that service consumers will have choice. Otherwise there is no true competition. I see this taking years, and the market will in large measure determine whose approach defines the standard. (Remember ISO OSI? It was all the rage way back when, but TCP/IP buried it in the dust via sheer force of market presence.)"

Bob Marcus and the Network Centric Operations Industry Consortium (NCOIC) are currently addressing their member concerns through discussions around the following topics:

Standardizations Needed

  • APIs between Cloud layers (e.g. PaaS and IaaS)
  • Interoperability across Clouds
  • Interoperability between public Clouds and enterprise systems

Implementation Guidelines

  • Best practices for migrating appropriate applications to Cloud environments
  • Use cases and patterns for Cloud deployments
  • Organizational support with the Enterprise for Cloud Computing

Robust Cloud Operations

  • Security of applications and data in public Clouds
  • Availability, risk management, and SLAs for public Clouds
  • Governance of services across public Clouds and the enterprise

The entire list of NCOIC questions is in the SOA-R wiki. If you are a member of NCOIC, please work with the newly formed Enterprise Cloud Computing Group to provide answers to these important concerns. If you're not a member, please provide your comments here or directly to Bob Marcus at robert.marcus@sri.com. (You could also consider joining the NCOIC)