Selecting a Cloud Provider - Part 2
In my first post in this two-part series I discussed the considerations of choosing a IaaS, PaaS or SaaS provider. In this post I am looking at additional criteria to look at in the case of an IaaS provider (although much applies to the other two as well).
As I wrote in The Cost of Poor Cloud Performance, latency of a cloud provider can have a huge impact on the business. High-speed delivery of applications in the cloud is a multifaceted challenge that requires a holistic approach and an end-to-end view of the application request-response path.
Performance issues include the geographical proximity of the application and data to the end user, network performance both within the cloud and in-and-out of the cloud and I/O access speed between the compute layer and the multiple tiers of data stores. CloudSleuth’s Global Provider View is of course one way in which you can get a sense of a cloud provider’s performance from different geographic areas. You can also test for yourself with a small application. Note that not all clouds will perform the same for different workloads.
Service-level agreements and reliability
Some cloud providers offer guarantees for higher levels of service as a way to separate themselves from the pack. In Rackspace: The Avis of Cloud Computing, I describe how Rackspace has higher levels of cloud service SLAs to compete with Amazon, the 800-pound gorilla of cloud computing.
Note that SLAs are often merely an indication of the consequences when the service fails and not the service's actual reliability. A great example of this is GoGrid's 10,000% Guaranteed SLA. In other words, GoGrid offers a 100% uptime guarantee. Should it fail to meet that level of availability, it will compensate the customer with 100 times the fee paid for the downtime.
Although the SLA is a good indicator of any provider's level of commitment, knowing the real uptime levels of a particular cloud provider is a trickier proposition. Most vendors have a status page that acts as a dashboard for the health of their services, but these generally display only stats from a few days ago at the earliest. To get actual long-term numbers for reliability and availability, it's better to rely on customer testimonials and comparison services such as CloudSleuth.
Lock-in, community and ecosystem
Another critical aspect of selecting a cloud provider is the APIs it exposes for accessing the infrastructure and performing operations such as provisioning and de-provisioning servers. The API is important in a number of ways.
First, an API that is supported by multiple providers and vendors reduces lock-in because migration from one provider to another -- or simultaneously working with multiple providers -- requires less change to the application and is, therefore, easier.
Second, an API that is widely supported by a community of developers and vendors has an entire ecosystem around it of complementary services and capabilities. The APIs offered by Amazon Web Services (AWS) and the various VMware cloud offerings have large ecosystems built around them, which includes tools for governance (such as enStratus), monitoring and management (such as RightScale) and a slew of other services that complete their cloud service.
VMware itself does not have an infrastructure cloud service (although it does have a PaaS service at CloudFoundry.com), but various providers use the VMware stack and APIs -- specifically vCloud -- such as Verizon’s Terremark and CenturyLink’s Savvis.
Both Amazon and VMware -- and perhaps Windows Azure as well -- allow customers to implement in-house clouds using their stack and APIs, thus enabling an easy way to manage and run applications on what some call a hybrid cloud. A hybrid cloud is a cloud that is both hosted by a provider and runs in the company's on-premise data center. In the case of Amazon, this can be done through Eucalyptus, a startup that provides a software stack for implementing private clouds using the AWS APIs.
In addition to the proprietary APIs offered by Amazon and VMWare, there are serious open source alternatives, which have strong industry momentum behind them. Rackspace, jointly with NASA and supported by many vendors and cloud providers, has open sourced its software stack in a project called OpenStack. HP is one of the largest cloud providers that relies on OpenStack, for example. Citrix offers a successful open source product called CloudStack. Watch closely to see which cloud platform has the largest ecosystem of both providers (so that you are not locked into a single one such as Amazon), as well as 3rd party services.
Security and compliance
Surveys of IT executives and developers consistently show that two of the biggest barriers for companies considering cloud computing continue to be security and compliance.
The concern for enterprises is not always actual security threats but rather their inability to achieve compliance with security-related standards such as PCI. In response, many cloud providers are now touting their security and compliance chops with SAS-70 Type II audits, security white papers and other measures.
Banking on the opportunity, a number of cloud providers emphasize their security capabilities, such as CSC Trusted Cloud and Logicworks Compliant Cloud.
A straightforward way to compare cloud providers would appear to be cost, but it turns out to be anything but. The problem is that there is no consistency among providers in regards to the resources customers actually receive and pay for. Providers offer virtual machines (VMs) that vary widely in memory capacity, CPU clock speed and other features. Furthermore, the units that are actually provided to customers are often virtualized, creating even further confusion as to what the customer is actually getting and how it might be affected by other customers on the same cloud.
Amazon has EC2 Compute Units, Heroku offers Dynos and other vendors have created their own measurement units. The only truly reliable way to measure the cost-performance of different cloud providers at this point is to conduct an experiment with the same application or prototype on multiple providers and compare the results.