IBM Cloud Computing Use Cases Group Releases Draft White Paper

IBM's experiment with group authorship for Cloud Computing interoperability is starting to pay off. Earlier today, Doug Tidwell posted the first draft of a Cloud Computing Use Cases White Paper produced extensively via a new Google group created to help define the various use case requires. The white paper was also released under a Creative Commons License with the intention of remixing for use within other white papers and marketing materials.

In an email by Tidwell he said everything in the paper comes from the comments posted on the Google group. But also admits there are several areas that need a lot more discussion.

The introduction of the whitepaper states that it utilizes existing customer based scenarios with the goal of highlighting the capabilities and requirements that need to be standardized in a Cloud environment to ensure interoperability, ease of integration and also portability. It strives to ensure that cloud computing evolves as an open environment, minimizing vendor lock-in and increasing customer choice.

At first glance the paper is great starting point outlining some of the key aspects for an interoperable cloud ecosystem. It borrows heavily from the NIST definition of cloud computing, but I think it is a smart move to align with the NIST definition rather then to try to create yet another. I also liked the Taxonomy diagram, which brakes down the various aspects into three main groups, Service Consumer, Service Provider and finally Service Developer.

Click to Enlarge

All in all, a great starting point. Keep up the good work!

Review the draft white paper here.

Gartner Asks, Can The Cloud Save The World?

I'm currently at a wedding, killing time reading various blog feeds. In that task, I just read a generally insightful commentary thanks to particularly ridiculous question in a post by Eric Knipp at Gartner. In the post he asks if The Cloud Will Save The World?

Initially I didn't see where he was going with this idea, spending a little too much time on his so called Killer [cloud] App - Application Platform-as-a-Service (APaaS). Moving to the good stuff, he points out that cloud computing is not "an easy button - in the abstract. Someone, somewhere, has to do heavy lifting in any software development endeavor to build a high-quality, high-availability, highly-reusable Web architecture."

I will agree, the cloud does not solve IT complexity, in a lot of ways it creates significant new challenges. Things like security, auditablity, governance and performance certification all come to mind just off the top of my head.

His next question / statement shed some light on his theory, aka my head node moment. "-- companies who learn how to screw down the cost drivers while simultaneously enhancing value drivers to satisfy customer needs have a competitive advantage in their industries."

Bingo. He's hit the nail on the head. Satisfying customer needs is a competitive advantage (finding simplicity in complexity).

So, how does this all add up to the Cloud saving the world? Knipp goes on to say "that as the world grows more complex, the only chance we have to head off the disintegration of modern society under the weight of complexity comes through technological leaps in the form of disruptive innovation. -- Could this new level of simplicity in complexity be the disruptive innovation that saves the world - or at least gives us a bit more time?"

I do enjoy a good news headline as much as the next guy, but I doubt the world will be saved by cloud computing -- unless your counting saving money and scaling your enterprise in the saving the world section of things we need to get done. Really what I think this new whiz bang buzzword does is give a more compelling / sexy technology topic to discuss at dinner parties and tech conferences. And for me that's good enough.

Digital Illustration: The Art of War, Vietnam Sunrise

I'm currently in Halifax Nova Scotia attending my sister Yael's Wedding so I haven't had a chance to post anything new to the blog. So I thought I'd take this opportunity to show the more creative side of myself.

Some of you may not know that before I was a cloud computing pundit or whatever it is you wish to call me. I used to spend my days as a graphic artist. Over the next few weeks I will be posting some of various works with the related stories about how the images came to be as well as who they we're created for.

The Hendrix Back Story

Ever since I was a kid I enjoyed a keen fascination with Jimi Hendrix. As a teenager in the nineties, I was one of those guys who went out and bought an old fender stratocaster and the largest guitar amp I could find. I would then crank it up to 11 and tried my best at renditions of Voodoo Chile or Foxy Lady by my favorite guitarist Hendrix.

In 2003 I was lucky enough to have been contacted by the Hendrix Foundation to do some Jimi Hendrix Illustrations for a book that would feature him, although the book was never published the image still remains. Below are a few pieces of from that collection of illustrations.

Vietnam Sunrise

The first illustration is named "The Art of War, Vietnam Sunrise" was created in 2003 as it represented the parallels between the coming Iraq War and the Vietnam war. It is meant to show the pain as well as anticipation of going into war.

Please click the images to enlarge.

The second image is an abstract portrait of the late Jimi Hendrix. Both images were created digitally using a photoshop and wacom tablet.

Cloud Computing as a Euphemism

I had another random thought, it might be crazy, but I thought I'd share it. I think I may have been completely wrong in describing cloud computing as a metaphor or analogy, or more simply as Internet centric infrastructure.

Let me explain, the Internet is a physical network implementation. Basically the Internet can be thought of as a network of networks interconnected linked by copper wires, fiber-optic cables, wireless connections, and other physical hardware based aspects. In contrast the world wide web is a system of systems or a series of independent but interrelated elements comprising a unified whole -- the application.

To put it another way, the problem with describing cloud computing as a metaphor for the Internet is it's actually a "euphemism" for the world wide web.

According to wikipedia, Euphemisms may be formed in a number of ways. A Periphrasis or circumlocution is one of the most common — to "speak around" a given word or concept, implying it without saying it. Which it seems is what we are actually doing when referring to "cloud computing". Over time, circumlocutions become recognized as established euphemisms for particular words or ideas. Basically cloud computing is an other way to describe the web, or more broadly the next generation of the world wide web.

With this in mind, I think the challenge in trying to define a simple common definition for cloud computing is that we've been describing the wrong concept. We're not describing the physical infrastructure of the Internet so much as the application of that infrastructure.

Defining Infinite

Just a random thought, recently I've mentioned the word infinite in a few of my posts. I thought I'd take a moment to briefly describe my view of the term as it relates to cloud computing.

Infinite Capacity in Cloud Computing
Amazon EC2 is certainly finite, but for the user who needs quick access to a 1,000 AMI's it appears to be infinite. Or to put it another way, there is more capacity then any one user will ever need to use.

The New Global Cyber Cold War

There have been some rather dramatic moves in the world of cyber warfare over the last couple weeks which has brought the need for standardized interoperability & cooperation within multinational cyber defense systems to the forefront.

Last month President Barack Obama said protecting the US computer networks from attack would become a national security priority and that his administration would take active steps to protect critical pieces of US's network infrastructure. Continuing on that promise, yesterday US Defense Secretary Robert M. Gates issued an order creating US CYBERCOM a military command that will defend US military networks against cyber warfare. The very public disclosure places the United States within a broader group of countries pitted against one another in what can only be described as a "Global Cyber Cold War".

In his memo, Gates recommended that Lt. General Kieth B. Alexander the director of the National Security Agency (NSA) be promoted and run both the NSA and US CYBERCOM. The new command will be a division of the U.S. Strategic Command, which is responsible for operations pertaining to nuclear and cyber warfare. Gates also directed that the command needs to be fully operational by October 2010.

The memo went on to say that "more than 100 foreign intelligence organizations are trying to hack into the U.S. government's 15,000 networks, which connect 7 million computers, according to Deputy Defense Sec. William Lynn."

Alan Paller, the well-known director of SANS Institute had some great insight into yesterday's announcement:“Melding both defensive and offensive missions under the same command will allow for better threat preparedness. A unified command also increases the potential for interoperability and both process sharing and real time information sharing among the services".

The United States isn't alone in creating a cyber warefare division. Earlier this week Britain also announced the creation of a new "Cyber Security Operations Centre" which is said to bring together the expertise of MI5, the Government Communications Headquarters (GCHQ) listening post in Cheltenham and the Metropolitan Police force.

According to a statement by Britain's Security Minister, Lord West he said "It would be silly to say that we don't have any capability to do offensive work from Cheltenham," he went on to say that they had not employed any "ultra, ultra criminals" but that they needed the expertise of former "naughty boys". Which I think is British lingo for experienced network hackers & crackers.

Recently there has been growing concern among cyber security experts that we are now in the midst of (as I mentioned previously) a “cyber cold war”. Most if not all G8 countries now have some kind of cyber command amid escalating fears that hackers could gain the technology to shut down the computer systems that control the various G8 governments critical infrastructures such as power stations, water companies, air traffic, government and financial markets.

There have even been indications that Al-Qaeda has been actively engaged in the development of a so called "Jehadi Botnet" a.k.a "Jihadinet" ironically through the recruitment of zombie PC's in the United States. Which also raises the question of how do you fight an enemy that can actually be part of your very own network infrastructure?

With all this talk of offensive as well as defensive network tactics, the core concepts of network interoperability and cooperating among "allied" nations is quickly becoming a major point of contention. Last year seven NATO nations and the Allied Command transformation signed the documents for the formal establishment of a Cooperative Cyber Defence (CCD) Centre of Excellence (COE). The centre was formed to conduct research and training on cyber warfare including specialists from the sponsoring countries, Estonia, Germany, Italy, Latvia, Lithuania, Slovakia and Spain with United States, Canada, Britian said to be joinng in the near term.

Unnamed sources have also told me that one of the key areas of exploration for the Nato's Cooperative Cyber Defence initative has been focused on the development interoperability standards among the various state sponsors. What's all the more interesting is that the same requirements we seem to addressing in standardized interoperable cloud computing are also the same basic requirements needed for a multinational cyber defense force.

It is my opinion that as we move forward into this new world of proactive network defense, we must work to strength a cooperative environment among the various participants / combatants. The first step is ensuring we have a some-what uniform way for the various parties to to communicate with one another, and that means the creation of interoperability standards.

The Day the Cloud Died

Today (June 25th 2009) was one of those rare days that makes you remember why elasticity is so important when architecting your web application stack.

In case you don't follow the news or twittersphere, around noon eastern time came news that everyone's favorite Charlies Angel "Farrah Fawcett" had died, which resulted in a minor news flurry. Then later in the afternoon a much more major web storm erupted when news of Michael Jackson's death hit the social web. Unexpedly Twitter had major scaling issusing dealing with the sudden influx of hundreds of thousands of tweets as Michael Jackson's death spread. But twitter wasn't alone.

According to TechCrunch, twitter wasn't the only site suffering. "Various reports had the AOL-owned TMZ, which broke the story, being down at multiple points throughout the ordeal. As a result, Perez Hilton’s hugely popular blog may have failed as people rushed there to try and confirm the news. Then it was the LATimes which had a report saying Jackson was only in a coma rather than dead, so people rushed there, and that site went down. (The LATimes eventually confirmed his passing.)"

Needless to say that the use case for elastic cloud computing was made particularly clear today. For major sites like the TMZ or the LAtimes this was particularly embarrassing.

Provisioning additional instances in Amazon EC2 as well as other cloud providers has become relatively easy. For most modern scalable applications the idea of having a "hot cloud standby" or a prebuilt virtual machine that is basically waiting in the wings would solve a lot of problems with very little over head, technical adjustment or cost associated.

There is no longer any good reason for a professional website property to go down because of load. Cloud computing provides an almost infinite supply of computing capacity, be it a infrastructure as a service or platform as a service or even a traditional CDN. To not have a cloud bursting strategy in the age of cloud computing isn't just wrong -- it's idiotic.

IBM Solves Cryptographic Cloud Security

I usually don't post press releases, but this one sounded almost too good to be true. According to IBM, they have discovered a method to fully process encrypted data without knowing its content. If true, this could greatly further data privacy and strengthen cloud computing security.

---

An IBM researcher has solved a thorny mathematical problem that has confounded scientists since the invention of public-key encryption several decades ago. The breakthrough, called "privacy homomorphism," or "fully homomorphic encryption," makes possible the deep and unlimited analysis of encrypted information -- data that has been intentionally scrambled -- without sacrificing confidentiality.

IBM's solution, formulated by IBM Researcher Craig Gentry, uses a mathematical object called an "ideal lattice," and allows people to fully interact with encrypted data in ways previously thought impossible. With the breakthrough, computer vendors storing the confidential, electronic data of others will be able to fully analyze data on their clients' behalf without expensive interaction with the client, and without seeing any of the private data. With Gentry's technique, the analysis of encrypted information can yield the same detailed results as if the original data was fully visible to all.

Using the solution could help strengthen the business model of "cloud computing," where a computer vendor is entrusted to host the confidential data of others in a ubiquitous Internet presence. It might better enable a cloud computing vendor to perform computations on clients' data at their request, such as analyzing sales patterns, without exposing the original data.

Other potential applications include enabling filters to identify spam, even in encrypted email, or protecting information contained in electronic medical records. The breakthrough might also one day enable computer users to retrieve information from a search engine with more confidentiality.

"At IBM, as we aim to help businesses and governments operate in more intelligent ways, we are also pursuing the future of privacy and security," said Charles Lickel, vice president of Software Research at IBM. "Fully homomorphic encryption is a bit like enabling a layperson to perform flawless neurosurgery while blindfolded, and without later remembering the episode. We believe this breakthrough will enable businesses to make more informed decisions, based on more studied analysis, without compromising privacy. We also think that the lattice approach holds potential for helping to solve additional cryptography challenges in the future."

Two fathers of modern encryption -- Ron Rivest and Leonard Adleman -- together with Michael Dertouzos, introduced and struggled with the notion of fully homomorphic encryption approximately 30 years ago. Although advances through the years offered partial solutions to this problem, a full solution that achieves all the desired properties of homomorphic encryption did not exist until now.

IBM enjoys a tradition of making major cryptography breakthroughs, such as the design of the Data Encryption Standard (DES); Hash Message Authentication Code (HMAC); the first lattice-based encryption with a rigorous proof-of-security; and numerous other solutions that have helped advance Internet security.

Craig Gentry conducted research on privacy homomorphism while he was a summer student at IBM Research and while working on his PhD at Stanford University.

--- Update ---

According to a Forbes article, Gentry's elegant solution has a catch: It requires immense computational effort. In the case of a Google search, for instance, performing the process with encrypted keywords would multiply the necessary computing time by around 1 trillion, Gentry estimates. But now that Gentry has broken the theoretical barrier to fully homomorphic encryption, the steps to make it practical won't be far behind, predicts professor Rivest. "There's a lot of engineering work to be done," he says. "But until now we've thought this might not be possible. Now we know it is."

Examining Utility Software Licensing

Recently I read an article about a traditional enterprise grid computing company who is attempting to enter the nascent cloud computing market. Without naming names, I will say the technology is probably decent, what they seem to lack is any real insight into the cost advantages that cloud computing enables. What I'm getting at is the ability to scale your resources -- hardware and software alike as you need them only paying for what your need, when you need it. This is arguably one of the key advantages of cloud computing, be it a private or public cloud.

My biggest issue with enterprise software companies applying traditional software licensing to cloud infrastructure software is that by charging $1,000 per year / per node, you are in a sense applying a static costing model to a dynamic environment which basically negates any of the costs advantages that cloud computing brings. It's almost like they're saying this how we've always done it, so why change? To put it another way, on one hand they're saying "reinvent your datacenter" yet on the other hand they saying" we don't need to reinvent how we bill you".

To give a little background, for our recent Enomaly's Service Provider Edition (SPE) launch we selected a utility software licensing approach that enables service providers the ability to pay based on their actual hardware utilization in the run of a of given month. Our platform provides the capability to send a secure automated report directly to us at the beginning of every month. Basically this report sends a CPU Core count for the previous month. This enables the cloud providers a backloaded cost that scales with them as they grow their cloud offerings with little or no up front costs. By choosing this model, it effectivily allows us to grow with our customers and encourages us to send them leads as well as participate in joint marketing activities. The better they do, the better we do, it's a symbiotic relationship. It also creates a long tail revenue source which overtime will compound as we deploy more and more cloud hosting infrastructures around the globe.

Another problem that a more traditional yearly / per node pricing brings is it doesn't take into consideration the ability for hosting providers to recycle off leases servers into heterogeneous clouds. A $1,000 per node price tag is the same whether you're using brand new dual quad cores or older off lease single core machines. In contrast a monthly per core or even memory based utility pricing model allows for a uniform yet scalable cost model that doesn't penalize you for using older hardware or growth within your business. To put it another way, the traditional yearly enterprise software license is basically a success penalty -- you should be rewarded for success not penalized for it.

As cloud computing becomes more entrenched in businesses around the globe, the traditional pricing models for enterprise and data center software need to adjust for the new cloud realities. The single server doesn't matter, nor does assuming static or linear growth. Cloud computing is about adjusting for the unknown variables quickly and efficiently. What I see right now is most legacy enterprise software companies seem to have a hard time understanding the new cost centric reality a cloud infrastructure provides.

MIT Technology Review Names Key Cloud Players

MIT Technology Review has published a series of Cloud Computing articles in the July/August Issue hitting newstands. I had the honor of contributing to several of the articles. I would also like to personaly thank the team at Technology Review for including me in both the Key Players and Private Cloud Companies to Watch.

To read the articles please see the following links.

» Technology Overview: Conjuring Clouds
» Industry Challenges: The Standards Question
» Market Watch: Virtual Computers, Real Money
» Companies to Watch Private, and Public
» Open Source Projects and Research Consortiums
» Key Players
» How it Works: Cloud Computing
» Webcast Interview with 10Gen CEO
» Case Study: Making Art Pay
» Map: Water-Powered Computers

The MIT Cloud Stack (Click to Enlarge)

More Details on UK Government's Cloud Strategy

In a followup post on the CCIF list, John Suffolk (UK Governments CIO) has further outlined his Cloud Strategy for the UK government.

The strategy has ten strands:

1. Standardise and simplify the desktop. Stop reinventing the design wheel, commoditise what should be commodity. Drive down price, drive up usability, capability, quality

2. Standardise, rationalise and simplify the plethora of networks. Build with the telecommunications industry the “Public Sector Network (PSN). An open market approach to joined-up secure networking for the Public Sector. Secure, ubiquitous, service model based and a price some 30% lower than we pay today.

3. Rationalise the data centre estate. Most are outsourced but they are in scope. Reduce from the central government 130+ to c9-12. Design a data centre eco system that is scalable, secure, green and economical.

4. Deliver against the Open source, open standards and reuse strategy I published in February. Buy at the “crown” not at an individual public body; treat proprietary software the same as open source (as in it should be available to all Public Servants); level the price comparison so full entry and exist cost to use the software must be taken into account. http://www.cabinetoffice.gov.uk/cio/transformational_government/open_source.aspx.
Let me have your thoughts via http://writetoreply.org/ukgovoss/.

Surrounding those four elements are two “wrapper” strategies:

5. Green IT: For each of the elements detailed above they have a Green IT wrapper. I published this strategy in June 2008. You can read it at http://www.cabinetoffice.gov.uk/cio/greening_government_ict.aspx. Each of the elements must conform to our Green IT strategy.

6. Information Security and Assurance: We published a National Information Assurance Strategy in June 2007 and the Data Handling Requirements in June 2008. Together with the Security Planning Framework that was published a few months ago form the basis for our information security requirements. I chair the Information Assurance Delivery Group and are accountable for helping Public Bodies conform to theses requirements, so security is uppermost in my mind.

This is where Government Cloud or “G-Cloud” comes in. With the elements detailed above we can begin to start the design and thinking about the establishment of a UK onshore, private G-Cloud. In essence infrastructure as a service, middleware / platforms as a service and software as a service. In relation to Saas I can’t see any reason why we couldn’t establish a Government Application Store (“G-AS” for want of a better code).

These six strategic elements have four other supporting strategies:

7. Shared Services: This is about ensuring that wherever possible we share everything... not just HR, Finance etc, but architectures, designs, solutions, people etc. We have moved from few users of shared back office services 3 years ago to many hundreds of thousands. The G-Cloud moves this thinking forward so rather than departments hosting a shared service for others, the applications are put into the cloud and saas kicks in.

8. Reliable Project Delivery. This is all about starting the right projects, executing them to successful completion and crucially delivering the social outcomes and business benefits. We have already made substantial progress in ensuring central government departments utilise portfolio management and best in class benefits realisation processes.

9. Supplier Management. Central Government is c65% outsourced and therefore having professional skills to deal with suppliers and having the most appropriate relationship with them is important. In this supporting strategy we have already worked with the ICT trade association, Intellect, to add additional tools to help the procurement process as well as implementing a Common Assessment Framework where assessment are made of projects undertaken by suppliers against a Common Assessment Framework! All the projects for a particular supplier are aggregated together to give insight into strengths and weaknesses.

Action plans are then developed. The suppliers also provide feedback on the client in a similar way.

10. Professionalising IT Enabled business change. Last but very much not least, the bedrock in fact, is growing the knowledge, skills and experience of our IT Professionals for which I am the Governments Head of Profession. We have about 50,000 IT professionals in the Public Sector. This strategic strand focuses on using the Skills Framework for the Information Age as a competency model for our ICT professionals. It is about personal growth and capability.

So in as few words as I can get it, this is the ten strategic strands we are following. They all work together and are all driven via the UK Government CIO Council. Some are more advanced than others, and clearly sitting beneath these strands is a whole lot more work and detail.

The posts also talked about language and getting that right and consistent. I couldn’t agree more. I seem to spend a fair amount of my time doing two things: firstly acting as a marriage guidance counsellor – bringing parties together; separating them when they are fighting; getting them to use the same words to mean the same things etc. The second thing is one of dating agent – someone has a problem and I date them with someone who has a solution. Key thing about language here is that we tend to apply a lot of labels to our problem and the solution provider uses a different set of labels for their solution. There is no easy fix to the language issue, but the more we talk, and listen (in at least equal quantities) the better.

Someone asked the question is the 2mbps a barrier. I can’t see any reason why. If we look at what many people do in their day jobs they don’t need 2mbs today. UK Government online transactions have increased enormously over the last 3 years as almost all services went online. The speed hasn’t been a barrier so far.

The final point was to my question about the Government Application Store (“G-AS”). The Public Sector will own many computer applications. To get full value, these could be moved into the G-AS. I think the Apple App Store is truly innovative and again for me creating something similar has attractions of speed, simplicity, innovation, cost effectiveness etc. I am still mulling over the points on certification of apps on the basis of if I can secure the infrastructure (and run the app in a virtualised world to protect the rest of the cloud), and the commercial model is say saas, if it doesn’t work should we care?

One final question for the time being. We are at the early stages of our thinking as you can see from my mutterings. Would it be possible to design a Government Cloud and a Government Application Store in a web 2.0 environment bringing in communities to detail the requirements, think though the issues, the designs and solutions etc?

Autonomic Cloud Security

Glenn Brunette, a Distinguished Engineer at Sun Microsystems has just informed me of a new project released earlier today called "OpenSolaris Immutable Service Containers" which may form the basis for what he describes as "Autonomic Security". According to Brunette using Immutable Service Containers as a core cloud building block enables some very interesting use cases in the area of adaptive and autonomic cloud security architectures. Several potential use cases are shown in a diagram set posted on flickr.

For those unfamiliar with Immutable Service Containers (ISC), it is an architectural deployment pattern used to describe a foundation for highly secure service delivery. ISCs are essentially a container into which a service or set of services is configured and deployed. First and foremost, ISCs are not based upon any one product or technology. In fact, an actual instantiation of an ISC can and often will differ based upon customer and application requirements. That said, each ISC embodies at its core the key principles inherent in the Sun Systemic Security framework including: self-preservation, defense in depth, least privilege, compartmentalization and proportionality.

As part of a more holistic view, it is expected that Immutable Service Containers will form the most basic architectural building block for more complex, highly adaptive and autonomic security architectures. The goal of this project is is to more fully describe the architecture and attributes of ISCs, their inherent benefits, their construction as well as to document practical examples using various web-scale software applications.

Immutable Service Containers offer the following benefits over more traditional deployment models:

• Consistent, repeatable and secure packaging for the deployment and management of services. "One service per container", configured once and deployed everywhere.
• Specific and clear approach to integrating platform security with services to provide enhanced security beyond what is typically deployed in most IT organizations today.
• Strategy for the implementation of recommended security practices in a focused, supported way.
• Flexible security to accommodate a variety of application and operational requirements and scenarios.

Also interesing to note, support for Sun's VirtualBox is coming soon as well. This interesting project is certainly worth a closer look.

The Role of the CTO & CIO in Cloud Computing

Recently I asked a question on twitter, one I figured would stir up some debate. (Which was the point) The question was "Does the CTO matter any more with the rise of Cloud Computing or is it all about the CIO with data reigning supreme?"

As the founder of a cloud software company, I am the self imposed CTO. I have no formal CTO training other then a passion for emerging technology. In a company full of PHd's, I have probably the least technical credentials with no formal post secondary education. As a CTO I view my job as the technical leader. My job is to stay ahead of the curve, spotting trends or even sometimes helping to create the trends based on what I see as a continued evolution occurring in computing. In this new information driven world, ideas have become the new currency and in this, I see my role as not only the technical leader but also the creative leader. I continually try to educate myself on the various emerging technologies with an eye toward their practical implementation within either our cloud software platform or within our customers infrastructures.

For me thought leadership is also a very important aspect of my job. For example, this very blog, is a way for me to publicly think through various concepts with a kind of public peer review.

I do admit, the job of a CTO can greatly vary depending on your company size and the market segment. Like any executive job role there is room for a standard deviation within it's definition. Most will agree there is no common definition of a CTO or it's responsibilities, apart from that of acting as the senior-most technologist in an organization. The role can also greatly vary depending on the type of work, industry or market segment of the organization. More over a CTO can be thought of as a "Jack of all technical trades" and possibly a master of some.

I found the follow excerpt on wikipedia contrasting the differences of a CIO Vs CTO particularly insightful, "The focus of a CTO may be contrasted with that of a CIO in that, whereas a CIO is predisposed to solve problems by acquiring and adapting ready-made technologies, a CTO is predisposed to solve problems by developing new technologies. In practice, each will typically blend both approaches."

"In an enterprise whose primary technology concerns are addressable by ready-made technologies, a CIO might be the primary representative of technology issues at the executive level. In an enterprise whose primary technology concerns are addressed by developing new technologies, or the general strategic exploitation of intellectual property held by the company, a CTO might be the primary representative of these concerns at the executive level."

"A CTO is focused on technology needed for products and technology sold to clients where a CIO is an internal facing job focused on technology to run the company and maintaining the platform to run services to sell to clients."

So basically a CTO is in charge of technology whether a phone system, security system, storage system or anything that has a technological aspect. In contrast the CIO leads the management of data / information and how it's utilized.

With the rise of cloud computing the role of the CIO is quickly becoming one of the most important jobs in any well manged business. Information has become a disruptive tool and defining the information architecture while assuring a near realtime access to an ever expanding world of data will be the key metric in which successful and competitive businesses are measured. I won't go as far as saying the role of the CTO is becoming less important, but the role of the CIO is certainly more important then ever before and this is especially true of most modern data driven companies.

I believe we are in the midst of a realtime information revolution. No longer can we sit back and analyze what happened yesterday, we must focus on what is happening now or even what will happen tomorrow. Those companies who have the most efficient access to a realtime data stream will dominate and the CIO not the CTO will be the person who will have the most influence in bringing about this coming corporate information revolution.

Hoff's Cloud Metastructure

Recently, Chris Hoff posted an interesting concept for simply defining the logical parts of a cloud computing stack. Part of his concept is something he is calling the "Metastructure" or "essentially infrastructure is comprised of all the compute, network and storage moving parts that we identify as infrastructure today. The protocols and mechanisms that provide the interface between the infrastructure layer and the applications and information above it".

Actually I quite like the concept and the simplicity he uses to describe it. Hoff's variation is the practical implementation for a meta-abstraction layer that sits nicely between existing hardware and software stacks while enabling a bridge for future yet undiscovered / undeveloped technologies.. The idea of a Metastructure provides an extensible bridge between the legacy world of hardware based deployments and the new world of virtualized / unified computing. (You can see why Hoff is working at Cisco, he get's the core concepts of unified computing -- one API to rule them all)

In a post back in February, I described the contrast of a Cloud "Metaverse" as a logical inverse to the traditional structured view of infrastructure. My idea was to describe everything that exists beyond the confines of a particular virtualized environment through the use of an extensible semantic API abstraction. At the heart of this theory there is the ability to define the relationship of how multiple distributed clouds describe their interrelations between themselves (who, what, where, when, and so on).

I'd also like to point out that my concept was inspired in part by the suggestion of Scott Radeztsky at Sun to look at the problem of cloud interoperability as a meta-problem, (problems describing other problems). Also my original Metacloud post was inspired by a multiverse post I wrote which was itself inspired by a post by Chris Hoff where he proposed an interesting use case for IPv6. So we seem to have come full circle.

In order to solve abstract problems, we need abstract solutions to these problems. This fit perfectly into my Semantic Cloud Abstraction thesis loosely described as an API for other API's.

UK Government CIO sheds light on "G-Cloud" plans

Interesting discussion happening on the CCIF Mailing list today. John Suffolk (UK Government CIO) responded to the recent discussion of the UK governments plans to create country wide cloud Infrastructure (aka G-Cloud).

Suffolk had this to say:

Our approach to G-Cloud stems from the work we have been doing over the past 3 years: Focus on getting desktop designs standardized; rationalize the morass of telecommunications infrastructures into a "network of network" under the Public Sector Network Programme; rationalize the datacenteres; drive through the open source, open standards and reuse strategy; surround each of those individual elements with the Green IT strategy and our Information

Assurance strategy. That gives us the ability to start moving towards cloud in a sensible way. As part of this rather than having a shared services in departments we will move them to the cloud so the sharing across the public sector (more than 5 million people) can be even greater.

The open source, open standards and reuse policy provides an interesting opportunity. How easy would it to build a Government App Store? The European law on procurement for public sectors is complex but if we can crack this we shift the paradigm again. More than happy to listen to your views on this.

I find the concept of a government app store particularly interesting. In my recent conversations with the US CIO council the concept of improved IT procurement through the use of web based services was a hot topic of conversation. A kind of Amazon EC2 meets the Apple App Store makes a lot of sense in distributed organization such as a large governmental agency. One of the recurring themes was the lack of perceived security that such a deployment may have. This is especially true when considering a virtualized environment.

Another big point of contention has been within the aspects of standardization. I'm not speaking only about things such as standardized API's but also common terminologies. A perfect example is the recent NIST cloud definition which has become the formal definition for any cloud based services or platforms being acquired in the US federal government. Before you can hope to embrace a cloud centric "network of networks" computing approach, you first need to have a consensus on how to describe the various aspects found within unique parts of the cloud. Semantic approaches may also help.

Personally, when thinking about cloud computing with in a governmental context, interoperability and open standards are a particularly good starting point with open source references deployments the logical next step afterward. At the end of the day, governments represents some of the largest consumers of technology on the globe and as such you have the power to mandate these sorts of requirements when either considering or actually developing the next generation of IT systems and platforms.

The United Nations of Cloud Computing

With all the recent buzz around cloud computing within various governments around the globe there is one major international organization notably absent from the discussions -- The United Nations. I thought I'd take a moment to briefly explore some of the opportunities for cloud computing within the UN.

To give a little background, the UN's stated aims is to facilitate cooperation in international law, international security, economic development, social progress, human rights, and achieving world peace. I'm the first to admit that cloud computing can do a great many things, but solving world peace probably isn't one of them. But international law, international security, economic development, and social progress all fit nicely into potential applications for cloud computing, especially within emerging economies around the globe.

Among the UN's various technology related endeavours are the Millenium Development Goals (MDGs), a set of eight targets to help end extreme poverty worldwide by 2015.In attempting to achieve these goals one the early efforts was the United Nations Information and Communication Technologies Task Force, created to advance the UN's efforts around addressing the core issues related to the role of information and communication technology in economic development and eradication of poverty. In 2006 the Global Alliance for ICT and Development (GAID) replaced UNICTTF, and now has the task of providing an open policy dialogue on the role of information and communication technologies. GAID is probably one of the best places to address the need for cloud computing at the UN.

One of the more famous off shoots of this program is the One Laptop Per Child (OLPC) project, a nonprofit created by Nicholas Negroponte. The OLPC's goal is to create a laptop to sell for $100 each to governments to give away at no cost to school-aged children. One of the key drivers that brought about the "NetBook" trend.

As I've said before, Cloud computing isn't about one endless global cloud, one with no defined borders or geography, but instead it's about the localization of cloud computing within these new and emerging regions around globe. It's about the opportunity that flexible and efficient distributed computing enables as an economic & social stimulus. More over, it's about empowering those who have up until now been passed by on the information super highway. The UN has the opportunity to bring the ultimate equalizer, emerging technology as well as more importantly real access to information to these under enabled regions.

The UN has a long history of providing a multilateral source of grants for technological assistance and access around the world including being an early advocate of open source technology. Recent advances in technology have revolutionized the way people live, learn and work, but these benefits have not spread around the world evenly. The so called digital divide exists between communities in their access to computers, the Internet, and other technologies. Over the last few years the UN has been at the forefront of trying to knock down some of these technological barriers. With the emergence of Cloud Computing we may now have an even more effective tool to help in this on going effort to end poverty and encourage social progress around the globe.

British Government to Create Country Wide Cloud Capability

Interesting developments from our friends in the UK today. The British government's newly appointed chief information officer John Suffolk has been given new powers to sign-off all major IT projects with a particular focus placed on the creation of a country wide Cloud Computing infrastructure. Details of the new strategy were released as part of a Digital Britain report published earlier, which includes the development of “G-cloud” – a government-wide cloud computing network.

The report highlights the development of a virtual Public Service Network (PSN) with “common design, standards, service level agreements, security and governance.” which goes on to outline that "all those government bodies likely to procure ICT services should look to do so on a scalable, cloud basis such that other public bodies can benefit from the new capability,”

“The Digital Britain report recommends that the government take the necessary steps to secure that the Government CIO has a ‘double lock’ in terms of accountabilities and sign off for such projects. That will secure government-wide standards and systems” Needless to say, the need for cloud computing standards are now more important then ever with the UK joining a growing list of countries either exploring or activity building government sponsored clouds.

I should note I've been recently involved in similar discussions with the Canadian government regarding a national cloud strategy and platform. For anyone interested, I'm currently organizing a Canadian Federal Cloud Summit for this October in Ottawa. I will also be presenting the keynote at the upcoming Washington Cloud Standards summit on July 13th.

More details on the Digital Britain report are available here

The Big Blue Cloud, Getting Ready for the Zettabyte Age