Professional Documents
Culture Documents
09 0743 PDF
09 0743 PDF
Case # 09-0743
Cloud Computing
and SOA
Geoffrey Raines
Executive Summary are currently evolving
ii Service-Oriented Architecture
Table of Contents
Defining Cloud Computing 1
Defining SOA 5
References 12
THE BIG PICTURE: Cloud computing describes a broad movement toward the use of wide area net-
works, such as the Internet, to enable interaction between information technology service providers and
consumers. Cloud computing has a number of benefits and risks that should be examined by any senior
leadership team considering the realignment of its enterprise computing IT portfolio. SOA and cloud com-
puting are complementary activities, and both will play important roles in IT planning.
Geoffrey Raines
Cloud Computing and SOA
Cloud Clients
Presentation Layer
Example: browsers, mobile devices
Cloud Applications
Software as a Service
Example: Google docs or calendar
Cloud Services
Components as a Service
Example: SOA via Web Service standards
Cloud Infrastructure
Distributed Multi-site Physical Infrastructure
Note: enabled by server virtualization
2 Service-Oriented Architecture
Cloud Applications—Software as a service scenario. By using many online software applica-
(SaaS)—This definition relies on the cloud for tions, the user is distributing processing on their
access to what would traditionally be local desktop behalf across CPUs scattered in the cloud by soft-
software.6 For example, Adobe’s Photoshop, a pro- ware service offerors. For example, Wikipedia states,
gram to manipulate images, was distributed to end “[Cloud computing] is a style of computing in which
users on disks for many years. Today, you still can IT-related capabilities are provided ‘as a service,’
install a version of Photoshop from an installation allowing users to access technology-enabled services
disk, or you can go to a completely online version of from the Internet (‘in the cloud’) without knowledge
an analogous application, entitled Express.7 In the of, expertise with, or control over the technology
online Express, you can upload your images into infrastructure that supports them.” 9
a hosted file area and work on the images with the
Cloud Clients—Another application-related func-
same filters and capabilities that were found in the
tion of cloud computing focuses on the distribu-
traditional software version. Express is an example
tion of business and personal data across servers
of SaaS, though this is not the only form SaaS can
on the Internet. For example, an individual may
take. For example, Google provides web applica-
have personal data in Facebook, digital photos in
tions, such as Gmail, Google Calendar, Talk, Docs,
Flickr, banking data in bank servers, insurance
and Sites, with functionality similar to traditional
data in insurance company servers, and on and on,
office suites.
all available in distributed servers and data centers
One advantage of this approach is that the applica- around the world. In composite, these users are
tion can be continuously updated by the application using the “cloud” to hold and maintain data on
provider without issuing and shipping new instal- many aspects of daily life. This distribution of data
lation disks. Each time the user logs in to the site, across the Internet rather than in local desktop or
the user will get the latest version of the applica- local area network repositories resonates with end
tion. The application provider is also offering a users because it often equates directly to the use
very scalable web application using a multi-tiered of presentation layer Cloud Applications in Cloud
web architecture, implemented on a considerable Clients such as a browser, the top of the cloud stack.
infrastructure. Disadvantages include the complete Forrester Research states, “Consumers are driving
dependence on the underlying network to access this new battle, with the huge volume of servers
the application. When the network is down, the needed to dish up search, pictures, audio, and video,
user cannot do any work with the network-based in addition to web email. This giant capacity creates
application. In contrast, the desktop version of the a massive platform for leading consumer-focused
software does not require network connectivity for companies such as Amazon, Facebook, Google, and
productive work. Microsoft, which then look for ways to add incre-
mental volume by servicing the needs of institutions
Software as a Service (SaaS) is a model of software as well.” 10
deployment where an application is hosted as a
service provided to customers across the Internet. Figure 2 depicts a sampling of current commer-
By eliminating the need to install and run the cial vendors with cloud computing offerings. The
application on the customer’s own computer, offerings fall into the same general groupings as the
SaaS alleviates the customer’s burden of software cloud IT stack described earlier, with foundational
maintenance, ongoing operation, and support. services on the left and more complex services
Conversely, customers relinquish control over on the right. Please note that this marketplace is
software versions or changing requirements; more- dynamic and continues to grow rapidly.
over, costs to use the service become a continuous
Considerations with cloud computing—Cloud
expense, rather than a single expense at time of
computing brings with it a number of key benefits
purchase.—Wikipedia (SaaS)8
and risks that should be examined by any senior
With SaaS a significant amount of the processing leadership team considering a realignment of its
occurs in the Internet “cloud,” in remote data cen- enterprise computing IT portfolio.
ters, and not on the local desktop. The local desktop
becomes primarily a presentation layer device in this • Outsourcing to cloud providers: Commercial
cloud computing effectively outsources portions
#ONFIGURATORS !PPLICATION
!0)S 3OFTWARE
of the IT stack, ranging from hardware through provider’s offerings can lead to lock-in with one
applications, to cloud providers. Cloud com- vendor’s solution and limited or no competition.
puting allows a consumer to benefit by incre- • Contracts and service-level agreements (SLAs):
mentally leveraging a more significant capital Cloud offerings are defined with a discrete inter-
investment made by a provider. The consumers face and performance expectation. This agree-
also benefit significantly by being able to dynam- ment can be captured in an SLA between the
ically scale their demand of the cloud services. provider and consumer, and this document can
As Ted Schadler states, “The service provider be made a part of the contractual relationship
pricing model of cloud computing is particularly between the two.
valuable when economic uncertainty limits the • IA: Commercial cloud providers will have secu-
capital and IT resources available to firms.” 12 rity solutions that meet the needs, risk profiles,
• Dependence on the network: Cloud computing is and cost models of their commercial custom-
fundamentally dependent on the network to con- ers. These security solutions will not always be
nect the offeror with the consumer. For those who appropriate for Federal needs. Part of the benefit
have redundant network connections with robust of cloud computing as a consumer is being able
bandwidth this will not be an issue, but for those to abstract away the details of how a platform
who don’t, serious consideration should be given or service is provided. Federal consumers may
concerning singular dependence on network- often need a clear understanding of (and need
based offerings, and how business continues when to specify the characteristics of) what is occur-
the network is unavailable or unreliable. ring inside the “black box” of a cloud offering to
• Dependence on specific cloud providers (lock- ensure secure operations.
in): Vendor lock-in is a risk with the current
maturity of cloud computing. Vendor neutrality
is often best achieved by utilizing industry or Defining SOA
open standards, but these standards are cur- SOA builds on computer engineering approaches
rently evolving for several layers of the stack. of the past to offer an architectural approach for
Developing applications to leverage one cloud enterprise systems, oriented around the offering of
4 Service-Oriented Architecture
services on a network of Multiple components can be combined to offer
“After creating consumers. A focus of this greater capabilities in what is often termed
service-oriented approach is “orchestration.”
islands of on the definition of service • Organizational agility:
automation interfaces and predictable SOA defines building
service behaviors. A set of blocks of software capa-
through industry standards, collec- bility in terms of offered
generations tively labeled “Web Service” services that meet some
standards in this paper, portion of the organi-
of technology, provide and implement the zation’s requirements.
general SOA concept and These building blocks,
users and have become the predomi- once defined and reliably operated, can be
business nant set of practical tools recombined and integrated rapidly.
used by enterprise engineers • Leveraging existing systems: One common use
managers are for current SOA projects. of SOA is to define elements or functions of exist-
demanding Some Web Service stan- ing application systems and make them available
dards have become foun- to the enterprise in a standard agreed-upon way,
that seamless dational and more widely leveraging the substantial investment already
bridges be built adopted, while many are made in existing applications. The most compel-
still seeking broad industry ling business case for SOA is often made regard-
to join them.” or Government acceptance. ing leveraging this legacy investment, enabling
– David Linthicum 8 SOA, as implemented
integration between new and old systems
components.
through the common Web
SOA and its implementing standards, such as the
Services standards, offers
Web Services standards, come to us at a particu-
Federal senior leadership
lar point in computing history. While several key
teams a path forward, given the diverse and com-
improvements, such as language neutrality, differ-
plex IT portfolio that they have inherited, allowing
entiate today’s Web Service technologies, there has
for incremental and focused improvement of their
been a long history of integrating technologies with
IT support systems. With thoughtful engineering
qualities analogous to Web Services, including a
and an enterprise point of view, SOA offers positive
field of study often referred to as enterprise applica-
benefits such as:
tion integration (EAI).13
• Language-neutral integration: The founda-
One of the key trends driving the adoption of Web
tional contemporary Web Services standards use
Services is the increasing span of integration being
eXtensible Markup Language, which is focused
attempted in organizations today. Systems integra-
on the creation and consumption of delimited
tion is increasing both in complexity within organi-
text. Regardless of the development language
zations and across external organizations. We can
used, these systems can offer and invoke services
expect this trend to continue as we combine greater
through a common mechanism. Programming
numbers of data sources to provide higher value
language neutrality is a key differentiator from
information. Ronan Bradley writes, “CIOs often have
past integration approaches.
difficulty in justifying the substantial costs associ-
• Component reuse: Given current Web Service
ated with integration but, nevertheless, in order to
technology, once an organization has built a
deliver compelling solutions to customers or improve
software component and offered it as a service,
operational efficiency, sooner or later an organization
the rest of the organization can then utilize that
is faced with an integration challenge.” 14 Figure 3
service. With proper service governance, empha-
depicts a few waypoints in the trend toward increas-
sizing topics such as service provider trust,
ing systems integration complexity.
service security, and reliability, Web Services
offer the potential for aiding the more effective SOA attempts to streamline integration across sys-
management of an enterprise portfolio, allowing tems by providing components that are architected
a capability to be built well once and then shared. and described in a consistent fashion.
Many
IP
LAN IP
IP
Fewer
Smaller Larger
6 Service-Oriented Architecture
#LOUD #OMPUTING /VERLAP 3/! VIA 7EB 3ERVICES
Both cloud computing and SOA share concepts of Forms of outsourcing—Both concepts require
service orientation.16 Services of many types are forms of contractual relationships and trust between
available on a common network for use by consum- service providers and service consumers. Reuse of
ers. Cloud computing focuses on turning aspects an SOA service by a group of other systems is in
of the IT computing stack into commodities17 that effect an “outsourcing” of that capability to another
can be purchased incrementally from the cloud- organization. With cloud computing, the outsourc-
based providers and can be considered a type of ing is more overt and often has a fully commercial
outsourcing in many cases. For example, large-scale flavor. Storage, platforms, and servers are rented
online storage can be procured and automatically from commercial providers who have economies of
allocated in terabyte units from the cloud. Similarly, scale in providing those commodities to a very large
a platform to operate web-based applications can audience. Cloud computing allows the consumer
be rented from redundant data centers in the cloud. organization to leave the detailed IT administration
However, cloud computing is currently a broader issues to the service providers.
term than SOA and covers the entire stack from
hardware through the presentation layer software Standards—Both cloud computing and SOA
systems. SOA, though not restricted conceptually provide an organization with an opportunity to
to software, is often implemented in practice as select common standards for network accessible
components or software services, as exemplified by capabilities. SOA has a fairly mature set of stan-
the Web Service standards used in many implemen- dards with which to implement software services,
tations. These components can be tied together and such as Representational State Transfer (REST),
executed on many platforms across the network to SOAP,19 and Web Services Description Language
provide a business function. (WSDL), among many others. Cloud computing is
not as mature, and many of the interfaces offered are
Network dependence—Both cloud computing and unique to a particular vendor, thus raising the risk
SOA count on a robust network to connect consum- of vendor lock-in. Simon Wardley writes, “The abil-
ers and producers, and in that sense, both have the ity to switch between providers overcomes the larg-
same foundational structural weakness when the est concerns of using such service providers, the lack
network is not performing or is unavailable. John of second sourcing options and the fear of vendor
Naughton elaborates on this concern when he writes lock-in (and the subsequent weaknesses in strategic
that “with gigabit ethernet connections in local area control and lack of pricing competition).” 20 This is
networks, and increasingly fast broadband, network likely to change over time as offerings at each layer
performance has improved to the point where cloud in the stack become more homogenous. Wardley
computing looks like a feasible proposition .... If we continues, “The computing stack, from the applica-
are betting our futures on the network being the tions we write, to the platforms we build upon, to
computer, we ought to be sure that it can stand the the operating systems we use are now moving from
strain.” 18 a product- to a service-based economy. The shift
towards services will also lead to standardization
8 Service-Oriented Architecture
coupling, and encapsulation. Both approaches another commercial organization. While the
rely on the definition of clear and unambiguous immediate provider may endeavor to meet DoD
interfaces, predictable performance and behavior, requirements, the outsourced provider may not.
interface standards selection, and clear separations
Given that contemporary, wholly commercial
of functionality. Finally, cloud computing and SOA
instances of cloud providers may not currently meet
can be pursued independently, or concurrently as
all of DoD’s mission-critical needs, it is also possible
complementary activities.
for DoD to take beneficial cloud concepts and apply
them internally on their own sensitive or classified
networks. However, establishing a cloud comput-
How Can the DoD Take Advantage of Cloud ing infrastructure is not a small undertaking, as it
Computing? requires that analogous instances of the commercial
The cloud computing capabilities discussed here capabilities be established on the internal networks
have many potential benefits for DoD and Federal of the DoD. Cloud offerings are fundamentally
agencies, and while it will be tempting to imme- network-based offerings and therefore must be pres-
diately use public Internet-based commercial ent on the same network-addressable space as the
resources, the existing commercial marketplace DoD consumers. For example, for a cloud offering
service providers will present a challenge for the to be available on NIPRnet, it must be addressable
majority of the DoD for the following reasons: through TCP/IP in the network address space of the
NIPRnet. In this sense, each network address space
• Information assurance: Part of the benefit of is an island and will need its own cloud capabilities.
cloud computing as a consumer is being able to
abstract oneself away from the details of how The approach of providing DoD-homed cloud
a platform or service is provided. This abstrac- services can be considered individually at each layer
tion can include not knowing where one’s data in the cloud stack. For example, DoD could decide
is actually being kept, including how many data to leverage economies of scale by offering highly
centers are involved and which national borders virtualized servers and secure storage on a grand
these data centers fall in. Security consider- scale. Individual DoD programs that require these
ations go beyond the actual location of the data. survivable multi-data-centered cloud IT resources
Commercial cloud providers will have security could choose to use these
solutions that meet the needs and cost mod- standard cloud platforms
els of their commercial customers, and these instead of defining and Examples of
approaches can be insufficient for direct con- procuring custom server
solutions and operating potential DoD
nection to classified DoD networks according to
current policies. them in separate data cen- cloud offerings
• Survivability: While commercial firms and ters with additional conti-
the DoD share many similar general business nuity of operations solu- can be found
continuity concerns, there comes a point where tions. Examples of potential in each layer of
commercial and Government requirements for DoD cloud offerings can
survivability diverge. The DoD will require a be found in each layer of the cloud stack,
comprehensive understanding of the redundancy the stack, ranging from ranging from
of cloud infrastructure that will go beyond the infrastructure and stor-
due diligence of most commercial firms. Either age to platforms, services, infrastructure
and software as a service.
driven by policy or law, the DoD will need to
Just as in the commercial
and storage
specify architecture details usually within the
offeror’s purview, and not specified by the typical marketplace, the key to to platforms,
introducing these offerings
commercial consumer.
to DoD programs is under-
services, and
• Chaining of outsourcing: Many of the cloud
providers outsource infrastructure layers beneath standing how they add software as
value to senior leadership
the service they are providing. For example,
teams controlling DoD IT a service.
a service provider may use a platform from
portfolios.
10 Service-Oriented Architecture
References
1
Adapted from Sam Johnston, “Taxonomy: The 6 Layer Cloud Computing Stack,”
http://samj.net/2008/09/taxonomy-6-layer-cloud-computing-stack.html
and Frank E. Gillett, “Future View: The New Tech Ecosystem of Cloud, Cloud Services, and Cloud Computing,”
Vendor Strategy Professionals, Forrester Research
2
Simon Wardley, “Cloud Recap… The Cloud Today”
http://blog.gardeviance.org/2008/10/cloud-recap.html
3
Amazon.com, “Amazon Simple Storage Service (Amazon S3)”
http://aws.amazon.com/s3/
4
Wikipedia, “Platform as a service”
http://en.wikipedia.org/wiki/Platform_as_a_service
5
John Musser, “600 Web APIs”
http://blog.programmableweb.com/2008/01/14/600-web-apis/
6
Robert P. Desisto et al., “Tutorial for Understanding the Relationship Between Cloud Computing and SaaS”
http://www.gartner.com/DisplayDocument?ref=g_search&id=640707
7
Adobe Photoshop Express
https://www.photoshop.com/express/landing.html
8
Wikipedia, “Software as a service”
http://en.wikipedia.org/wiki/Software_as_a_Service
9
Wikipedia, “Cloud computing”
http://en.wikipedia.org/wiki/Cloud_computing
10
Frank E. Gillett, “Future View: The New Tech Ecosystems of Cloud, Cloud Services, and Cloud Computing,”
Vendor Strategy Professionals, Forrester Research
11
Neal Leavitt, Yankee Group, “Is Cloud Computing Really Ready for Prime Time,” IEEE Computer Society, January 2009
12
Ted Schadler, Forrester Research, “Talking to Your CFO about Cloud Computing”
13
David Linthicum, “Enterprise Application Integration”
http://safari.oreilly.com/0201615835 12 November 1999
14
GDS InfoCentre, Roman Bradley, “Agile Infrastructures”
http://gdsinternational.com/infocentre/artsum.asp?mag=184&iss=150&art=25901&lang=en 28 March 2008
15
Jeffery Poulin, “The ROI of SOA Relative to Traditional Component Reuse,” Logic Library, 2006
16
Kevin Jackson, “Cloud Computing Related Technologies and their Use in the Public Sector to Support Net-centric Operation”
http://kevinljackson.blogspot.com/2008/09/6-layers-of-cloud-computing-stack.html
17
Bernard Lunn, “The New Stack: SaaS, Cloud Computing, Core Technology”
http://www.readwriteweb.com/archives/new_technology_stack.php
18
John Naughton, “Holes in the net make ‘cloud computing’ pie in the sky”
http://www.guardian.co.uk/technology/2008/mar/02/security.internetphonesbroadband
19
Note that SOAP is no longer considered an acronym. For more information, see
http://www.w3.org/TR/2003/REC-soap12-part0-20030624/#L1153
20
Simon Wardley, “Cloud Recap… The Cloud Today”
http://blog.gardeviance.org/2008/10/cloud-recap.html
21
Simon Wardley, “The Key to Cloud Computing: Componentization”
http://xml.sys-con.com/node/773522
12 Service-Oriented Architecture
MITRE
www.mitre.org