Saturday, March 27, 2010

Cloud Computing

In my last point I took a big of a nasty pot shot at the vendors of "Cloud Computing".

IMHO Cloud is a huge and valuable technology but a long way from reality. In my view of cloud a user develops or modifies systems using sophisticated software development tools. I do not see new development tools as programming tools but rather business oriented tools that allow users to define rules, graphically view analyze and alter workflows. The tools should let the user add features to their systems, modify existing features, integrate 3rd party components and test what they have done. There would be screen drawing tools to let non-technical people layout and implement the user interface. Included would be tools to test what the user has implemented as well as run simulations to test the business effectiveness of the solution. When they are done, they simply press a deploy button.

"Deploy" sends data, program code, meta data, etc. to the "Cloud". Rules in the cloud manager understand how to deploy the system artifacts. No one on the consumer company's staff need know anything about the cloud.

The cloud's operational manager software should manage performance and response time of all applications. It must insure that applications are replicated across at least two if not more machines at a minimum of two physical locations to eliminate the need for disaster recovery planning. The system in real time may move application artifacts from one location to another as well as replicate artifacts in real time to improve performance and insure that the system is insulated from disaster. The cloud should have disaster managers that can handle anything from taking a machine off line for routine maintenance to the loss of a facility or data center do to catastrophic disaster.

We are a long way from Cloud meeting what I have described above.

Today security, privacy, and administration are perhaps the biggest inhibitor to any vendor's implementation of Cloud computing.

IBM sells both public and private cloud software and services to implement cloud computing. Sam Palmasano saw a vision of a "public" cloud run on IBM owned and operated computers where computers and the cloud operated as a giant utility company.

Security is complex in Cloud. Ownership rights are "cloudy" as are the implementation and granting of rights to system artifacts. If the cloud is operating as I have described above, it is constantly changing thus complicating auditability and making security even more challenging.

Going hand in hand with security is privacy and data protection. Who can access data? How do you audit and prove who can access data? Are the 40 year old database products of the past (i.e DB2, Oracle, Sybase, others) up to the task of managing data in a cloud environment with data replicated in many locations including systems that you may not own?

Can vendors convince their customers that it is ok to put their data or their customer data in a cloud where they have little control over the data and its access as well as auditability? IMHO even if a vendor has tremendous technical tools it will be next to impossible to convince the key decision makers in a customer organization that their data is protected.

Administration of a cloud based system today is a nightmare with people requiring a great deal of special training to the specifics of vendor software. In several vendor scenarios there are multiple layers of software that must be implemented and managed. The tools to manage a cloud simply do not exist. You would envision a control console that displays a world map with all of the notes of the network represented as colored LED's that flash red, yellow, green, and other colors to visually represent the status of the network. These would be connected by lines also color coded to represent status. Administrators in the control center would be able to adjust the system add or remove components around the world with ease. This is far from today's reality.

This command and control center would of course be replicated to handle emergencies. In fact cloud management may become a business of its own for some enterprising vendor with creative management software. The ideal solution would be incredible software and average people.

Until you can deploy artifacts to a cloud (private or public) and know that resources have been properly secured, know exactly who can and has accessed artifacts at any point in time, and insure that data is protected not only from intruders and unauthorized people but from those people who administer and operate the cloud we will not be seeing cloud reach its potential.

As many of you know, I am a key advocate of a modern version of CASE and enterprise modeling that we embraced in the 1980's. CASE and OO which followed (along with UML) never reached its potential and has left business corporations with no path into the future.

The need for enterprise modeling and implementation of the meta data to describe and manage the enterprise is more important today than ever before. Security and privacy as well as simple data protection have been implemented by crude software that requires an administrator grant authority to various people at a physical level. In other words an administrator must define who may add, change, or delete records in files on a computer system.

Security and data ownership should be transparent and implemented via a system of rules and ownership that are a byproduct of defining your enterprise and its organization to a system. I've done this three times in my career in large enterprise systems and it is the only solution to today's out of control technology. What I am talking about integrates security and data access into the rules that govern the business. Managers are responsible for defining jobs which have rights to data and processes that operate on data. People are assigned jobs and can only do or see what their job requires or enables them to see and do. There is built in auditing of everything that happens in the system with comprehensive logs and real time reporting of security incidents (based on violations of business rules).

It is this type of logical meta data description of the business enterprise that is required before a technical implementation like "Cloud" can be implemented. If security and data protection are a part of the application then It is quite simply a part of the cloud and requires no special software or hardware. Note that sophisticated encryption can be invoked via rules in the business application.

Friday, March 26, 2010

What is Happening to the Computer Systems Industry

I've been remiss in posting to this blog and probably lost most of my followers, but in hope that someone is left I want to share some observations that I find sad and disheartening.

If you look at the year end results for most major software companies this past year you will see dismal results or at best lack luster results. If you look around the web you will find that the world has become static and we are not seeing break through technology that positively impacts businesses.

In fact we are seeing software companies as well as commercial business outsource their IT organization and software development to India, China, the former Soviet bloc countries, some south east Asian countries and other 3rd world low cost labor markets.

Many companies like IBM have given up on innovation and grow their software portfolios via acquisition instead of innovative development.

Emerging technologies are exactly that technologies. One of the biggest boon doggles is Cloud computing. The only cloud that truly exists are the those around the heads of the executives of the companies claiming to offer software solutions based on the cloud model.

Don't get me wrong, the concept of "cloud" computing, namely loading software into a virtually managed machine environment where the developer knows nothing of the underlying hardware is the direction I believe we should be going in and may someday achieve, but not today and not for a while. The key issue is security or the perception of privacy and data protection that does not exist today.

I grew up in IT during the 1970's, 80's, and 90's when the world was trying to figure out how to represent and implement maintainable business systems that addressed the problems and needs of business.

Today we should have graphical software that reflects our businesses and allows business users to define business rules that govern the systems in real time. Systems that analyze workflows and make changes that improve the word in real time.

Instead, we have moved from business languages like COBOL or RPG or the dozens of failed 4GL's to Java and C++ which are roughly akin to programming in Assembly language taking us back to the 1960's.

Where are the application development and management systems of today? Are the ERP vendors meeting corporate needs? Have business executives simply given up on IT?

Where is modern innovation in business systems? Do modern corporations no longer need computer systems beyond the 20 year old ERP systems that run their companies today?

I happen to believe that we need a new revolution in computer systems architecture and technology.

I believe we must break the backs of the handful of ERP vendors that are choking modern enterprise and holding back technology.

The very concept of SOA should be a model that allows corporate enterprises to buy the best possible components from the best provider for their needs. Corporate systems people should become integrators instead of programmers. Their role should be integrating software purchased or rented from many software vendors and using innovative software to build modern UI's and workflows that manage the modern corporation.

To achieve this we must get back to a focus on representing the enterprise and its operations in the modern computer system and not on some wiz bang technology.

Some please tell me, where is innovation today? I'm not seeing it. Not from IBM, not Microsoft, most certainly not from Oracle or HP. I don't even see it in the open source community.

We must begin to move forward.