Book Review: Architecting the Cloud 75
benrothke writes Most books about cloud computing are either extremely high-level quasi-marketing tomes about the myriad benefits of the cloud without any understanding of how to practically implement the technology under discussion. The other type of cloud books are highly technical references guides, that provide technical details, but for a limited audience. In Architecting the Cloud: Design Decisions for Cloud Computing Service Models, author Michael Kavis has written perhaps the most honest book about the cloud. Make no doubt about it; Kavis is a huge fan of the cloud. But more importantly, he knows what the limits of the cloud are, and how cloud computing is not a panacea. That type of candor makes this book an invaluable guide to anyone looking to understand how to effective deploy cloud technologies. Keep reading below for the rest of Ben's review.
The book is an excellent balance of the almost boundless potential of cloud computing, mixed with a high amount of caution that the potential of the cloud can only be manifest with effective requirements and formal security architecture. | Architecting the Cloud: Design Decisions for Cloud Computing Service Models (SaaS, PaaS, and IaaS) | |
| author | Michael Kavis |
| pages | 224 |
| publisher | Wiley |
| rating | 9/10 |
| reviewer | Ben Rothke |
| ISBN | 978-1118617618 |
| summary | Extremely honest and enlightening book on how to effectively use the cloud |
The full title of the book is: Architecting the Cloud: Design Decisions for Cloud Computing Service Models: SaaS, PaaS, and IaaS. One of the mistakes of using the cloud is that far too many decision makers rush in, without understanding the significant differences (and they are significant) between the 3 main cloud service models.
In chapter 1, he provides a number of enthusiastic cloud success stories to set the stage. He shows how a firm was able to build a solution entirely on the public cloud with a limited budget. He also showcases Netflix, whose infrastructure is built on Amazon Web Services (AWS).
Chapter 3 is titled cloud computing worst practices and the book would be worth purchasing for this chapter alone. The author has a number of cloud horror stories and shows the reader how they can avoid failure when moving to the cloud. While many cloud success stories showcase applications developed specifically for the cloud, the chapter details the significant challenges of migrating existing and legacy applications to the cloud. Such migrations are not easy endeavors, which he makes very clear.
In the chapter, Kavis details one of the biggest misguided perceptions of cloud computing, in that it will greatly reduce the cost of doing business. That is true for some cloud initiatives, but definitely not all, as some cloud marketing people may have you believe.
Perhaps the most important message of the chapter is that not every problem is one that needs to be solved by cloud computing. He cites a few examples where not going with a cloud solution was actually cheaper in the long run.
The book does a very good job of delineating the differences between the various types of cloud architectures and service models. He notes that one reason for leveraging IaaS over PaaS, is that when a PaaS provider has an outage, the customer can only wait for the provider to fix the issue and get the services back online. With IaaS, the customer can architect for failure and build redundant services across multiple physical or virtual data centers.
For many CIO's, the security fears of the cloud means that they will immediately write-off any consideration of cloud computing. In chapter 9, the author notes that almost any security regulation or standard can be met in the cloud. As none of the regulations and standard dictate where the data must specifically reside.
The book notes that for security to work in the cloud, firm's needs to apply 3 key strategies for managing security in cloud-based applications, namely centralization, standardization and automation.
In chapter 10, the book deals with creating a centralized logging strategy. Given that logging is a critical component of any cloud-based application; logging is one of the areas that many firms don't adequate address in their move to the cloud. The book provides a number of approaches to use to create an effective logging strategy.
The only issue I have with the book is that while the author is a big fan of Representational state transfer (REST), many firms have struggled to obtain the benefits he describes. RESTful is an abstraction of the architecture of the web; namely an architectural style consisting of a coordinated set of architectural constraints applied to components, connectors and data elements, within a distributed hypermedia system. REST ignores the details of component implementation and protocol syntax in order to focus on the roles of components, the constraints upon their interaction with other components, and their interpretation of significant data elements.
I think the author places too much reliance on RESTful web services and doesn't detail the challenges in making it work properly.RESTful is not always the right choice even though it is all the rage in some cloud design circle.
While the book is part of the Wiley CIO Series, cloud architects, software and security engineers, technical managers and anyone with an interest in the cloud will find this an extremely valuable resource.
Ironically, for those that are looking for ammunition why the cloud is a terrible idea, they will find plenty of evidence for it in the book. But the reasons are predominantly that those that have failed in the cloud, didn't know why they were there in the first place, or were clueless on how to use the cloud.
For those that want to do the cloud right, the book provides a vendor neutral approach and gives the reader an extremely strong foundation on which to build their cloud architecture.
The book lists the key challenges that you will face in the migration to the cloud, and details how most of those challenges can be overcome. The author is sincere when he notes areas where the cloud won't work.
For those that want an effective roadmap to get to the cloud, and one that provides essential information on the topic, Architecting the Cloud: Design Decisions for Cloud Computing Service Models is a book that will certainly meet their needs.
Reviewed by Ben Rothke.
You can purchase Architecting the Cloud: Design Decisions for Cloud Computing Service Models (SaaS, PaaS, and IaaS) from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available from our review library please let us know.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I love that add-on because I keep forgetting I have it installed, then, out of the blue, BAM!, a sentence no longer makes sense but is much more fun: "Hospitals now delivering babies in my butt, film at 11!".
One simple question I wish were answered... (Score:4, Interesting)
How would a cloud provider assure customers that their data will remain secure if they go bankrupt or just quit the business?
As of now, if a provider tanks, the servers go to the auction house, and in theory, are blanked. However, in reality, there is no assurance of that, and the buyer will get all data stored free and clear. If they wanted to do a multi-terabyte torrent of a failed bank's account and transaction data, they can, and nothing legally could stop them.
Re: (Score:3)
There is also the question of how good a job they do with encrypting the data. Who at the cloud company would have the ability to decrypt the data? Are there regular security audits by an outside party who can affirm that the things the cloud company claims are in fact accurate?
It gets even more complicated for enterprise users. What happens when an employee leaves the company? How is access controlled to prevent continued access? What about data that you might possess that you might have received unde
Re:One simple question I wish were answered... (Score:5, Informative)
"There is also the question of how good a job they do with encrypting the data."
Most let you manage your own keys. So as long as you have a reasonable key management, it's up to YOU, not the provider.
"Are there regular security audits by an outside party who can affirm that the things the cloud company claims are in fact accurate?"
For the big players, yes. http://aws.amazon.com/complian... [amazon.com]. Also "AWS has achieved ISO 27001 certification and has been validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). We undergo annual SOC 1 audits and have been successfully evaluated at the Moderate level for Federal government systems as well as DIACAP Level 2 for DoD systems."
Every one of those compliances requires auditing.
"What happens when an employee leaves the company? How is access controlled to prevent continued access?"
You federate your enterprise IAM with your cloud provider. Most support some form of SAML or OAuth. ADFS (an MS product) supports such things easily. You terminate the employee in your normal system and their IAM account is terminated. Also, you don't give deep credentials to most people but rather wrap them in services. You then stash those credentials in a secret/key server.
"To me, cloud is all smoke and mirrors."
That is because you haven't done the required reading.
Re: (Score:3)
If I'm running your OS in a hyper-visor, I can pause the VM and dump the memory. Then I've got your key because the OS loads the key into memory.
Your provider can see your data in the clear. End of Story. Physical hardware is the be's all end's all.
Some things are true across all the big players (I don't know about the government-audited services; I can only imaging there's even more tracking).
If you're running the service, you don't have access to the datacenters, and likely don't even have access to the location of the data centers (the big players all keep exact datacenter locations somewhat secret - they have addresses, but the addresses don't mean much). If you work at the data center, you don't know what any given server is doing. So you don't
"the cloud" is not a free service (Score:2)
Most providers of "cloud" services are *not* free. You pay for time, workload, network, storage, etc.
In IaaS (infrastructure as a service) you're basically just renting time/space/bandwidth on someone else's equipment.
Re: (Score:3)
How would a cloud provider assure customers that their data will remain secure if they go bankrupt or just quit the business?
As of now, if a provider tanks, the servers go to the auction house, and in theory, are blanked. However, in reality, there is no assurance of that, and the buyer will get all data stored free and clear. If they wanted to do a multi-terabyte torrent of a failed bank's account and transaction data, they can, and nothing legally could stop them.
Like, a contract to escrow the cost of the wiping and/or returning of all relevant hardware to the original owner? There are plenty of precedents in contract law to mitigate risk in the case of bankruptcy. Just because you can't think of them doesn't mean they aren't there.
Re: (Score:2)
I don't know a single cloud provider that would provide that contract. In other lines of work, there would be a third party escrow company. However, with a cloud provider, since decryption would be needed, the only way to provide any assurance is to have some backend appliances that do encryption and are rented, with a paid deposit that once the rental ceases, all keys are wiped. That way, a bankrupt provider would have all their servers sold, but the encryption appliances would be owned by another party
Re: (Score:2)
I don't know a single cloud provider that would provide that contract. In other lines of work, there would be a third party escrow company. However, with a cloud provider, since decryption would be needed, the only way to provide any assurance is to have some backend appliances that do encryption and are rented, with a paid deposit that once the rental ceases, all keys are wiped. That way, a bankrupt provider would have all their servers sold, but the encryption appliances would be owned by another party. Of course, this may not mean much as it might be a fight wresting the leased items from the bankruptcy trustee, but in theory, it helps put at least a layer in place of protection.
However, I don't know any cloud provider who would spend the time and effort to do this, just because the current system of assuring people that "passwords", "encryption", and "firewalls" is good enough.
If you don't care that the data is "gone for good" then a split encryption system is not needed, just a thorough erasure system (which is where an escrowed sum comes into play, to cover the cost of a third party service performing on-site wiping of all hard drives with customer data in the event of bankruptcy). I also do not know of a single cloud provider that does this today, the cost difference at scale of a cloud solution vs a managed hosting solution is not that great, so a company with truly invaluab
Re: (Score:2)
That’s a major question and one that every firm needs to address before using the cloud.
There are safeguards you can put in place. You can back-up all cloud data as a start.
There are a lot of articles on the topic. Check this one out as a start: http://spendmatters.com/2013/1... [spendmatters.com]
If you're not using Cloud to Butt (Score:1)
Then you have yet to unlock the full hilarity potential of the internet...
https://chrome.google.com/webs... [google.com]
Sounds like a good read (Score:1)
Re: (Score:2)
The book doesn’t deal with acceptable use per se, as much of acceptable use is determined by the specific user of the cloud.
As I wrote about “almost any security regulation or standard can be met in the cloud. As none of the regulations and standard dictates where the data must specifically reside”.
So if you define what the with acceptable use is and build that into your cloud policy and contract, that would be acceptable.
Architecting, "a software", orientate, et al (Score:3)
Re: (Score:2)
"Architecting" ??? wtf...? (Score:3)
The reviewer does not indicate if the book is written in English, which is relevant because the title clearly is not.
Re: (Score:1)
Re: (Score:2)
A search of www.merriam-webster.com returns: the word you've entered isn't in the dictionary. So you are correct, this is not an official English word.
But its de facto use is seen at:
http://gapp.usc.edu/graduate-p... [usc.edu]
http://aws.amazon.com/training... [amazon.com]
http://www.cs.berkeley.edu/~al... [berkeley.edu]
Lookif selfie can be a word, why can’t we let architecting in?
Re: (Score:3)
>>Lookif selfie can be a word, why can’t we let architecting in?
Because "selfie" fills a legitimate and objective need, filling a void created by an advancing technology and culture, neatly and succintly describing a "photograph of someone taken by that same someone, intended primarily for social media."
"Architecting" is superfluous, already synonymous with the shorter and more familiar "building" and "designing," and it contains the pompous subtext of equating the skills and efforts of an archi
a solution in search of a problem (Score:2)
Until such time that the tech community of the world can and will effectively deal with (i.e. either convince to stop misbehaving or just kill 'em) all the brilliant psychopathic programmers in their mist that create malware and viruses that defraud millions of people, then it is plain madness and criminal negligence to encourage people to entrust their data to some unknown and unmonitored external entity such as the 'cloud'.
Until that time, safe and productive cloud computing is just a fantasy. It's a so
Re: (Score:2)
:::entrust their data to some unknown and unmonitored external entity such as the 'cloud'.
Do you really consider Amazon Web Services unknown and unmonitored?
The granularity of what they can report on shows their monitoring capabilities are quite sophisticated. :::Until that time, safe and productive cloud computing is just a fantasy. It's a solution in search of problem. Avoid it.
I think the facts speak for themselves. There are thousands of examples of safe and productive instances of cloud computing,
But
Standards Standards Standards (Score:2)
The main bottleneck of "the cloud" is standards. Unless organizations can easily swap vendors and make their own (optional) backups without hassles, the "cloud" will continue to be a fractured, risky, and messy place.
The problem is that there are no incentives to standardize because service companies don't want the market to become a commodity because commoditization usually eats their profits (at least in the industrialized world) just like it did with PC's. They want you to be locked in to Their Way so th
Re: (Score:2)
Re: (Score:2)
Excellent point.
Lack of standardization is one of the biggest problems facing cloud computing.
It’s inevitable a few standards will eventually emerge. But until then, there’s a lot of uncertainty.
Yea no... (Score:5, Interesting)
I maintain several cloud based applications. STAY AWAY.
There is no time when "The Cloud" is a good idea. In fact, I'd say it's even worse than "Closed source" software. Because no you not only lose access to the application, you lose access to your data as well. And trust me, the cloud service provider will use that access against you. I have yet to see a contract negotiation with a cloud service provider that didn't eventually devolve into the Cloud threatening to cut off access to the data with no option to export if the user didn't agree to unfavorable terms. This doesn't happen "Sometimes" this happens every time... with multiple vendors. They are very friendly and the rates are cheap at first, but after you've been with them for a few years... Then they start turning the screws. Unless you control "The cloud" yourself, stay very very far away.
Re: (Score:2)
the Cloud threatening to cut off access to the data with no option to export if the user didn't agree to unfavorable terms
That's a *very* strong assertion. In fact, it seems like the sort of thing that the courts would stop, hard. It's essentially extortion. It's absolutely the sort of thing that would send customers screaming... and discouraging everyone around them. I find it hard to believe that any reputable cloud service provider would dare risk their business by doing something like that.
Re: (Score:2)
That's a *very* strong assertion. In fact, it seems like the sort of thing that the courts would stop, hard. It's essentially extortion. It's absolutely the sort of thing that would send customers screaming... and discouraging everyone around them. I find it hard to believe that any reputable cloud service provider would dare risk their business by doing something like that.
Lost track of number of people who have called in with issues trying to extract data from various providers.
Either they claim they can't do it, provider cut them off and they are screwed or provider feels it necessary to charge a massive fee to extract customers data. Another fine twist is allowing access to data but not in a way it could practically be extracted.
Guessing some of these are cases of you owe us money and we're leveraging whatever we can to force you to pay yet some have specifically mentione
Re: (Score:2)
Expecting they would not seek to maximally leverage their position is not a serious option.
Well, as a Googler, I definitely do not expect Google to do anything remotely like this with their cloud offerings. Heck, Google is careful to ensure there are mechanisms for users of their free services to take their data out, and holding someone's data hostage for more money or whatever just runs counter to everything the culture holds important. I don't think Amazon would do it either. Smaller players... I suppose it's possible, but it still seems like bad business on their part.
More details please... (Score:2)
Will an experienced admin (20+ years *NIX) that's currently using RackSpace (dedicated and cloud) learn anything from this book? It's so hard to tell from this review.
I've been using RackSpace for a few months now and I find that it's not much different than hosting the servers myself except I don't have to deal with things like router/switch configuration and hardware replacements.
Re: (Score:2)
:::::Will an experienced admin (20+ years *NIX) that's currently using RackSpace (dedicated and cloud) learn anything from this book? It's so hard to tell from this review.
I think so. :::I've been using RackSpace for a few months now and I find that it's not much different than hosting the servers myself except I don't have to deal with things like router/switch configuration and hardware replacements.
From a hosting and sys admin perspective, it is not a radical difference.
But from a cloud application persp
Either (Score:2)
"Most books about cloud computing are either extremely high-level quasi-marketing tomes about the myriad benefits of the cloud without any understanding of how to practically implement the technology under discussion. "
Or....?
You didn't even get your first sentence right, I'm not going to read about the rest of your thoughts.
Re: (Score:2)
You are correct about my not getting the first sentence right.
With that, don’t let defective sentence stop you from reading a very good book.
Re: (Score:2)
The cloud (Score:2)
Second, it is a buzzword that is used to get gullible suits to think that they can get rid of their IT depatments.
It's not like all this hasn't been proven already.
Re: (Score:2)
::::First and foremost, the cloud is not in any way shape or form secure.Any thing you put there is there to share.
It’s as secure as you want to make it.
Many firms that take security seriously use the cloud. :::::Second, it is a buzzword that is used to get gullible suits to think that they can get rid of their IT depatments.
You do have a good point there.
Naming (Score:2)
Why don't we just call "the cloud" by the name we used for it decades ago?
"Mainframe", that is.
Real world example .. (Score:1)
Re: (Score:2)
The use of Netflix on AWS is well documented.
Start here: http://aws.amazon.com/solution... [amazon.com]
Re: (Score:1)
I was hoping for some diagrams and detailed textual analysis. I read somewhere that Netflix originality went with the 'Cloud' but quality-of-service was so poor, they had to go out and build their own content delivery backend.
Re: (Score:2)
If you start a dialogue with a sales rep at AWS, they have a log of diagrams and detailed technical material they will share.
You can also look around at http://aws.amazon.com/document... [amazon.com], as there is a lot of good technical material there.