As Cloud and especially SaaS and PaaS is quickly becoming reality, many internal IT pros working the public sector are asking themselves whether the skills and career paths are shifting. Is it required to have a development team to cater for “small” user requirements such as a DB here and there, or perhaps a complex spreadsheet. These requirements are what fed work to “small” dev teams across public bodies, and created huge potential revenues (if not controlled) for the outsourcers.
In fact, outsourcing muddies the water significantly… A real example from one of our clients: due to a long term outsourcing contract, where the provider would always charge high rates for any “End User Computing” developments, users simply used the tools at hand: namely MS Excel and Access for application development. After 7 years, one “mission critical” app was (is) run off a giant excel spreadsheet, linked to over 250 other excel spreadsheets, taking 15 minutes to load and having 2 FTEs maintaining it. The amount of access DBs is unknown, but between 24000 and 48000 have been discovered.
This will happen when the service is not provided to users, and becuase of this, many IT teams have a super user or a team helping out. This can be expensive, as even 2-3 people costs of 150K+ per year to the council.
Given the advent of PaaS and easy config options, users should have reduced requirements (if trained), however a level of support and small dev will still be required. For this reason, should the Development as a Service (or Coding / Config as a Service) or CaaS, become the norm?
I certainly hope so, and we are beginning to think in those terms and streamlining our internal teams to be able to deliver on a much more “small” dev mentality. This, in the end the vision behind the Agile methodology.
blog
Role of Developers in Organisations
Cheesy text
I’ve been accused of using purple prose in the past so I’ve decided not to anymore and when I’m developing something for work I use Lorem Ipsum.
Lorem Ipsum is nothing more than filler text, it’s not meant to mean anything but merely to be used as a means of filling space within, in the context which I use it, a webpage.
I used to think that it was simply gobbledygook but it looks like its a bastardised version of a classic Latin text, who’da thunk it?
In my search for something more than the generic Lorem Ipsum generator I found loads of Ipsum generators. I particularly like the Bacon Ipsum and, in a sort of homage to it, I’ve created the Cheese Ipsum. It comes with the option of only using cheese from the classic Monty Python Cheese Shop Sketch in the first paragraph.
I’ve looked at loads of different scripts for generating Lorem Ipsum text (both client and server side) but decided to roll my own using a mixture of vanilla JavaScript and jQuery with lots of ideas taken from other people – sorry if you notice something obvious that I’ve stollen!
This has very little to do with the cloud but it represents a brief window of time where I could develop something that’s been causing a mental itch for a month or two, we’ve just submitted a bid for a project that we’ve been working hard on and I’m blowing off a little steam before we hear back about whether or not we’ve won it.
I’ll keep my fingers crossed as man can not live on cheese alone 
So the G- cat is out of the bag!
Earlier this month, central government released the first iteration of the G-Cloud Framework. It is being wildly discussed on the partner networks, with lots of cloud providers planning to bid. Indeed, according to a Linked in post by Mark Craddock, it attracted something like 80 suppliers on the first day.
This is hardly a surprise. Despite its short duration, this is the first opportunity for SMEs and disruptive suppliers (Google, AWS, Salesforce and many others) to sell to the government directly (or at least be part of the same crowd as traditional oligopolies). We have certainly been waiting for it for ages, and despite its duration, hope to use it lots.
This framework has already save a public sector organisation money. We are doing some cloud piloting at a large county council. Earlier in the year, they were planning to launch their own custom framework procurement in order to be able to buy the apps / services off the cloud. Now they don’t have to. The cost of getting a framework set up is 150K+, so there is a saving right there. I imagine they are not the last.
There are a couple of small niggles though. I suspect that LOT4 (Other Services) of the framework will have 90% of respondents in it, as it will catch now only the consultants and deployment houses, but also resellers. It would be good to separate “consulting” from technology services such as deployment, development or Cloud brokerage. From our perspective, we will be bidding on several lots, bringing SaaS (our own products + several partners that will not bid themselves), as well as a number of offerings in Lot 4. Indeed, it would be better if roles for resellers / brokers could be better defined at the start, as there are differing opinions about how to handle the current situation amongst larger cloud vendors.
I also have reservations about using the somewhat wide NIST definitions, or at least I hope that they will be narrowed. There is little to stop “fake” and rebranded cloud offerings to join the lots. Specifying modular pricing, or minimum / maximum contract commitment would be great. In fact, I had a conversation recently with one of the major vendors who complained that they cannot differentiate themselves enough, as a minimum contract length under the framework is 1 month, where as they could offer 1 hour… It would help to sort “new” utility and client centric models to rise head and shoulders above the traditional lock-in (contract and tech) model.
Having said the above, even in its current guise, this framework is fantastic! I can really see how it will evolve and grow over time, and how it can, if used properly, start to “de-departmentalise” government and bring value to citizens. Ultimately, the test will of course be the amount of business going through it, however I know that several of our clients are already planning to use it. No doubt this first iteration will have its challenges – but as, one of my recent tweets said (paraphrasing one of our major partner Public Sector business development managers) – It will only work for those progressive public sector teams, who have already decided to innovate. The ones that still need convincing, will find plenty of excuses to wait..
.
The proliferation of layers in the Cloud and what to do about it
There’s an old adage in Computer Science, which goes: “There’s no problem, which cannot be solved by adding another layer of indirection.” One usually goes on to add: “Except, of course, for the problem of too many layers of indirection.” Truth is, layers are great. They have been intimately involved in almost all the great breakthroughs in IT productivity. Fundamentally, they allow us to abstract away unneeded complexity and get on with the work we are supposed to be doing without having to deal with issues that aren’t relevant to us. Assembly language is cumbersome, so we add one or more layers of programming language, which makes our code (almost) human readable and makes us many times more productive as programmers. The compiler takes care of the translation and 99% of the time that causes no major issues. Coding for multiple platforms is hard and time consuming, but with Java or – these days more likely – a nice shiny web application, we can rely on a virtual machine or a browser to ensure that it runs across client environments, operating systems, and hardware platforms. As any web developer will tell you, the process of making something cross-browser compatible is far from trivial and often aggravating, but imagine having to write separate code bases for every target platform instead. A lot less pleasant isn’t it?
From one perspective Cloud Computing in toto is a massive exercise in indirection. IaaS abstracts away the details of hardware and network maintenance and allow us to provision compute and storage resources in a simple interface. PaaS adds another layer that allows you to abstract the OS and system services and only focus on the bits that are relevant to your development. SaaS, finally, abstracts away most of the complexities of application management and maintenance and allows you to just get on with using the service.
However, the act of abstracting away complexity by its very nature makes the total system architecture more opaque. And with the distributed nature of Cloud Computing systems, this can become a threat to effectively managing your ICT estate. In any given Cloud system there may be numerous vendors involved running platforms with discrete underlying architectures. While some scenarios are relatively simple, for instance a PHP web app running on top of Ubuntu Server on Amazon EC2, others can get quite hairy. Imagine a provider of mobile payment services running a SaaS application on top of a custom mobile provider framework from a second vendor running on Engine Yard running on EC2. SaaS on PaaS on PaaS on IaaS, effectively and it can easily get more complicated if you add in additional integrations and 3rd party web services. At the very least, you would be dealing with four different vendors using four separate system architectures probably hosted in multiple physical locations. How as a customer do I really understand the implications of using this service in my Enterprise Architecture? Some might argue that I don’t have to, just sign-up to and let it be the vendor’s problem. But for any organisation with serious compliance requirements and pro-active management of Service Levels that answer won’t fly further than Superman after a kryptonite sandwich.
This creates two sets of challenges for the ICT organisation: one technical and one commercial. On a technical level, I need to understand how the layers of my proposed stack fit together. What are the potential points of failure, what are the security risks and threat vectors relevant to each layer, and how is the responsibility for my service provision actually distributed across providers? On the commercial level, I need to understand the vendor risk associated with each part of the puzzle, what my real chances of the vendor meeting service level commitments given the distributed nature of the system are, and who I can point the finger at for different types of failure. For compliance, I will need to have risk assessments of each vendor and know how I will monitor that the vendors continue to live up to the commitments they have made. Standards, like ISO27001, help a lot, but are not catch-alls.
This may seem a daunting endeavour, but fortunately doing these types of assessment needn’t be overly strenuous. The Cloud is consolidating on the lower layers, and you only have to assess Amazon once. It is an achievable task to put together a standard set of questions and clarifications you’ll need from providers. If you’re a bit clever about it, you’ll feed that back to your procurement process and make sure that this information is taken in account when assessing vendor risk and performing technology selection.
Cloud Computing for all its great strengths is not a silver bullet. You still need to own and take responsibility for the architecture that you deploy. As the legendary Fred Brooks told us so many years ago, there is an inherent minimum level of complexity to computer systems. Attempts to go beyond this are bound to fail. At the end of the day there is no way to simultaneously abdicate responsibility for your Enterprise Architecture and retain a reasonable conviction that it will remain effective. There never was.
Oracle Cloud Buys Fish
The technosaurs continue their battles to become the kings of the cloud, by innovation and aquisition.
Oracle just put $1.5bn on the barrel head for RightNow and it doesn’t look like being the last software as a service (SaaS) company that they will snap up. The purpose of this spree is fairly clear: if you are going to fill an aquarium you need fish. The Oracle environment will be schools of servers for each customer: not a true multi-tenancy system where developers can dreamily forget about “size” in their deployment – leaving it for human and machine application monitors to expand and contract on demand.
As a reality check let’s note that service definition files in Azure dictate size and Amazon machine images are very much sized. SalesForce champions the sizeless but gives clear limit guidelines. It really is all too easy to lose sight of cost of usage even if it is much better than any internal I’ll-buy-my-own-silicon-thanks-very-much solution, so all of these system let you size in one way or another because of business reality.
Let’s return to the point of development and business making. Part of the cloud vision is that I shouldn’t have to worry about silicon or sub-system: buying them, upgrading them or even, within limits, understanding them. In an ideal world where Sir Richard Friend, say, invents a whole new optical computing thingamejig, a single instance of which can run a cloud and additional resource is grown rather than expanded by networked: we cloudizens should be blissfully unaware of anything except lowering hosting costs and increased capacity. It’s a fanciful example but the point is that abstraction really does matter.
Oracle’s system will not be very abstract by latest reports. So what are the benefits of them not going true multi-tenancy or is it just that they are late to the game and need to cobble Fusion into a fit-for-cloud* technology. There is a big one – the real-walls-a-must argument.
It goes like this: for legal/political/trust reasons a client insists on a physical air-gap between their information or application space and any other clients, there is no room for play and they don’t accept that your virtual partitions are inviolable. Oracle gives you a separate pod and polaroids of the arrangement, your compliance officer takes them off to whichever watchdog is currently chewing the remains of his ankle. I also should point out that Oracle provides for the multiple tenancy of pods for smaller customers, a model which should be familiar from days of old server farm hosts. Is the truth that many of these customers will find it easier to keep their solution on premises rather than move to any cloud solution? Quite likely. A lot of these customers won’t be shopping in the SaaS/PaaS/IaaS market anyhow.
It’s possible that the latest Azure federations may offer an oblique answer to this by forcibly locating a single client/tenants information by a SaaS customer on a machine but it’s not a real wall/air gap. Ultimately SalesForce and Azure will/can both provide very convincing answers to real-walls-a-must, an answer that needs to be check boxed and formatted to satisfy non-technical legislature.
Buying ‘customers’ can only really be a short term solution: designing for those bought companies may turn out to be short-sighted. If you really want the right kind of fish in your aquarium then lower the gate to the ocean and, if your fish tank is that good, they might just swim in by themselves.
*I’d like to patent that phrase, especially in the sense: “before I started architecting for the cloud I could run a marathon, then I got absorbed into the things I could do and before you know it I was fit-for-cloud, my software was incredible but my trousers didn’t fit.”
Accessing RDS using HeidiSQL
Whilst looking at family-tree type things yesterday at work (it was for a work-based project, honest!) I remembered that my boss was looking at a way to administer our database on RDS. After reading shed loads of documentation, which said that it couldn’t be done or that you needed to jump through loads of hoops I managed it.
Basically what I had to do it connect to it via one of the instances we already have running on AWS.
When we log into RDS we use this command on one of the instances running in order to get access to the mysql commandline:
mysql -u [username] -p[password] --database=[database name] --host=[location of RDS instance]
So for instance when we use puTTY to log into our Development instance we issue the above command to get into the RDS instance – there doesn’t seem to be a direct way of accessing it.
HeidiSQL can understand that work-flow so in the Session manager of HeidiSQL create a new Session and call it “RDS” for example.
On the Settings tab select SSH tunnel as the Network Type, enter the host variable from the command detailed above into the Hostname / IP field (i.e. [location of RDS instance]). In our case User is [username] and Password is [password]. We’ll keep Port as 3306, keep the Compressed client/server protocol tickbox ticked and enter [database name] in the Databases field.
Next click the SSH tunnel tab. Locate plink.exe on your hard drive or download it (handy link on the tab itself). The SSH host + port is the instance you just copied the command from. So for us it’s [some subdomain].[some domain].com, port 22. Username is [not necessarily the same username as above] (the username you use to access the AWS instance). Leave the Password field blank and locate your ppk file (which you converted from your initial pem file using PuTTYgen.exe a while ago). Leave the Local port as 3307.
Click Save and then Open and Bob’s your Uncle and Fanny’s your Aunt!
Happy browsing of the DB!
Arcus as a Service
It’s hard to spend much time reading about cloud computing without running across the IaaS, PaaS and SaaS acronyms. Respectively standing for Infrastructure, Platform and Software as a Service they are frequently used to characterise the different models for cloud service delivery.
While IaaS involves supplying low-level computation resources such as processing or data storage, SaaS corresponds to delivering fully-formed web applications ready to write documents or manage projects. PaaS sits somewhere in the middle and provides a service packaging lots of IaaS services together enabling applications to be rapidly built and deployed.
At this point I imagine that my audience will be either bored, having read a variant of the above dozens of times before or confused, perhaps wondering why I’m repeating this classic cloud mantra.
Well it has occurred to me that a nice thing about working at Arcus is that I’ve been able to work with all of these different delivery models and that we are now getting into a position where we are regularly using all three to meet client requirements:
- IaaS
While perhaps the most boring sounding of the three we still like IaaS – as well as providing us with load balanced and scalable virtual servers needed to deploy development work we can now take existing virtual machines running on in-house servers and migrate them up to an IaaS provider, potentially opening a whole new cloud migration path for Enterprise. (see here)
- PaaS
There has been lots of buzz recently about how Platform as a Service is about to take off. The balance it offers between flexibility and rapid, cost-efficient development has great potential for meeting many of the LOB requirements within the public sector.
Salesforce, one of the market leaders in this sector, will be opening a data centre in the UK next year with should remove a lot of regulatory hurdles relating to GCSX and CoCo. Amazon Web Services are also keen to move into this space.
- SaaS
Finally SaaS has been keeping me pretty busy recently. In terms of the number of products available it’s a huge area of cloud computing and offers great potential to benefit from some pretty intense competition and economics of scale.
In the last month we have conducted a market scan through dozens of SaaS project management applications on behalf of a client before selecting Clarizen and are now trailing it with the client and implementing it internally as well, so far so good.
I’ve also been having fun creating a suite of websites using Google sites for community libraries. It’s been a while since I’ve used a WYSIWYG website designer but it’s pretty cool what you can build with Google Sites without touching any code at all (a key requirement as the volunteers will be maintain and developing the sites after release).
So that’s IaaS, PaaS and SaaS covered, next we just have to tackle DaaS, StaaS, HaaS, CaaS, NaaS and MaaS! (Although I’m sure people are just making these terms up now, MaaS has been defined as Monitoring, Management and even Municipality)
Arcus’ autumn edition of Newsletter is out!
Selected news on G-Cloud and public sectors’ ICT, latest developments from vendors, discussion on some “hot” Cloud topics and update on some of exciting projects Arcus is working on.
Special points of interest:
Cloud computing standards and migration
Security in the Cloud on example of Google Apps
Isle of Man moves to the Cloud, expects to save 15% on IT costs
Spotlight on… Cloud-hosted CRM
Nice JavaScript code snippet
Had the need to send a set of hex colour codes to a method which used them to create a chart using Google charts. The initial list was too short so that some of the colours ended up being repeated and the data became difficult to read. I pottered around the code base and “borrowed” some functionality from the boss. The following code is what I used to test it. By all means copy and paste it into a blank file and give it a try. Works a treat!
<!DOCTYPE HTML>
<html>
<head>
<title>Palette Playing</title>
<script type="text/javascript">
var palette = "000000,0000FF,00FFFF,00FF00,FFFFFF,FF0000,FFFF00,FF00FF";
document.write(palette.split(',').splice(0, 4).join(','));
</script>
</head>
<body>
</body>
</html>
This will produce “”000000,0000FF,00FFFF,00FF00″.
It’s ALIVE!!
Virtualisation had been with us for a while now and it can generally be regarded as ‘a good thing’. It gives us more efficient utilisation of ‘real’ hardware and lets us do more with less – thereby realising cost efficiencies, which ultimately in this climate are very handy!
These facts are all well-known and you’ll have to forgive me for stating the blindingly obvious! So what is the point of this (my first blog post)?
Well, what happens if you want to take an existing VM and migrate it into the cloud? I’m not talking about building a new machine in a cloud infrastructure provider and re-installing apps, reconfiguring etc. I’m talking at the notion of taking an existing system and packaging it up and moving it lock, stock and (and hopefully not smoking!) barrel.
Why would anyone want to do this? The biggest reason is that you might not want to go through the pain (and expense) of a full system re-validation. It’s been already done, the server and application configuration is documented and verifiably tested and everything works. Any re-installation on a new server would require re-executing installation and test scripts that would delay any such project.
Of course, there are caveats: you might be migrating a server that has some as yet undetected configuration problem that will cause it to fail, but the point here is that it is unknown and will fail whether it’s in an on-site datacentre or remote one. Therefore there is no net gain or loss in such a migration.
There are many points for discussion here (and if you feel compelled enough, leave a comment!), and to examine them all would take far too long!
However, what has happened in the most recent week is that we can now migrate that most common of server OS’ – Windows Server 2008R2 – into two prominent UK based cloud infrastructure providers: Flexiscale and Elastichosts.
It is possible to take your existing VMWare (and others) based server VM, and move it into one of these IaaS (Infrastructure as a Service) providers and do it in such a way that it will not affect the configuration of the machine thereby minimising any testing/validation work that would need to be performed.
The possibility is there, and it’s certainly worth exploring…
