Like many young data-driven companies, BuildFax decided in 2008 to host its construction data services on Amazon Web Services. But now, it's moving some systems to Google's new infrastructure-as-a-service (IaaS) offering, some to other cloud providers and some to its first in-house servers.
BuildFax's vice president of research and development, Joe Emison, says he was at first delighted with Amazon's low costs and pay-as-you-go model. But he soon wanted a choice of public and private clouds so he'd have the flexibility to get the best price, performance and disaster recovery options as his needs changed -- and as computing technology and the capabilities of IaaS providers changed.
"You can take advantage of the benefits of the cloud without locking yourself down to Amazon" -- or any other provider, he says.
Concerns about sharing servers, storage and networks with other organizations outside the corporate firewall scare many users away from IaaS. But most observers agree that, with proper care, IaaS can meet even strict security requirements, and the security picture is likely to improve as IaaS providers gain experience. For example, Sonian, a Newton Mass.-based provider of email and document services, recently completed a Federal Information Security Management Act (FISMA) audit of more than 300 controls analyzing how Sonian software operates on the Amazon cloud. "We met the highest standards out there," says CTO Greg Arnette.
As with in-house data centers, most security problems in the cloud are caused by users who ignore the rules or operational snafus such as misconfigured networks, says Pepple. IT services providers such as India's HCL Technologies offer multicloud governance frameworks that can provide granular access controls and configurable roles and privileges for users across multiple clouds, said Sadagopan Singam, HCL's global vice president of cloud computing.
Mix and Match
BuildFax's Emison still runs most of his production systems on Amazon's cloud infrastructure. But he has shifted some to Google Compute Engine and hopes to move more, while keeping enough on Amazon to provide failover for business continuity.
He's using cloud management software from RightScale to, among other things, create servers from standard templates, and to deploy and monitor them on multiple clouds without using a separate API for each. He estimates that BuildFax saves at least $150,000 per year by not having to hire server and network administrators.
Many IaaS providers make it difficult to avoid single points of failure because their network architectures don't support clustering or allow more than one IP address to be assigned to components such as virtual servers to allow easy failover, says Michailov.
McKinnon says the geographically diverse data centers typical of IaaS setups make disaster recovery far easier than it is with in-house systems. However, customers should take into account the costs of moving large amounts of data between their own infrastructures and those of their providers. They should also verify that the cloud provider's performance monitoring and reporting systems are consistent with their expectations.
Last summer, Verizon acquired CloudSwitch, whose software, running either in the customer's data center or in the cloud, is designed to ease the synchronization of data and workloads among public and private clouds, says Terremark's Rubin. Cloud management software vendor RightScale recently acquired a cloud cost-forecasting website called ShopforCloud to make it easier for customers to calculate the costs of a variety of cloud options.
As IaaS becomes more commonly accepted, providers are looking for ways to differentiate their offerings for specific workloads, regulatory requirements, vertical industries or even geographies.