Moving to the cloud: What you’re really worried about

So we’re talking about cloud computing, specifically the question, “What are my real concerns when I move my applications/platform/infrastructure to the cloud?”

Bandwidth. Productivity means people aren’t waiting for a sluggish interface to respond. Do you have a T1 now? What’s its utilization? Because you may be moving up to a T3. Already on an OC3? Have you shopped high-end WAN links lately?

Network reliability. Now your network is the Internet. How often does your connection go down? It’s going to be worth your while to run the numbers here: average downtime of x per month, times cost y of users sitting idle, equals your risk exposure. Do you save at least this much by moving to the cloud?

Working when your link is down. Can you work? I’m seeing some pretty elaborate preparations around this, like nightly data extraction from Cerner’s Linux/Oracle cluster for local replication. If I were going to count on a web-based application (like Cerner) I’d sure wonder what kind of local business continuity they can provide, and exactly how.

Where’s your data? Once you move it to “the” cloud, who knows? But actually, you’re usually moving to “a” cloud, like Amazon’s or Google’s or Cerner’s, which means that in some cases you know where your data is. That may be enough, even in medical records situations, provided data is encrypted in transit and preferably encrypted at rest. But if you’re working for the VA, you already know: no data is leaving their own data centers. Law and policy may prevent you placing your data outside your organization.

Data ownership. I recall all too well supporting MestaMed, which locked up your company’s data in several proprietary formats. Doing data extraction and migration was a profitable business, which was nice for me but maybe not so much for my clients. So if you leave GE’s or Cerner’s or anybody’s system, will they give you your data? Free? Without a massive hassle? In a format you can use?

My friends, this is more than critical. Ponder these questions carefully before you make this move. Feel free to post your thoughts or experiences with the cloud.

Moving to “The Cloud”? What the heck is that?

I’m watching several clients as they move, or consider moving, parts of their IT infrastructure to the cloud. Some of their issues have really given me pause.

What is “the cloud” anyway? It’s several things, among others a currently-hot catchphrase in IT. It can be software as a service (SaaS), for instance using Gmail for email and Google’s Postini for spam filtering. These particular things are highly appropriate for running over the Internet; if the Internet’s down you’re not getting email anyway, right?

Or it can be platform as a service (PaaS), where you’re moving not just an application to the cloud, but using the cloud as your whole IT and application platform. Think of Amazon’s Elastic Compute Cloud: you pick your favorite OS and instantiate a virtual machine on top of Amazon’s computing resources. I can see one big advantage: letting Amazon worry about power and cooling and bandwidth and hardware. And if my personal Internet connection is down, no big deal: Amazon is still running my server.

Or we might mean Infrastructure as a Service, where my whole IT shenanigan moves to the cloud: virtualized servers, virtual desktops, outsourced support; voila! No IT department! Ha ha ha. As if. There’s a good idea here, but any organization that goes this route had better have at least one sharp IT-knowledgeable person on staff, or getting your value out of this transformation is going to be a tough proposition.

Is any of this really new? No: but relying on the Internet to do it is. Which will bring me, in our next installment, to the things you should really be worrying about if you’re migrating to the cloud.

Dealing With Operation Aurora

As you know if you follow my maunderings, I’ve been keenly interested in the “Operation Aurora” incident that involved, among other things, hacking into Google’s servers to gather information on Chinese political dissidents.

This was a significant attack, primarily because it was so sophisticated. It exploited a weakness in Internet Explorer 6 (God please deliver us from that browser forever), but did its nastiness deep under cover so that infected organizations weren’t even aware there was a problem until they got back-channel notification.

One such organization got quiet word of “connections from [their] company’s DNS servers to questionable domains.” That’ll stand up the hair on your neck. It took some extensive efforts to locate and dig out the problems, including Tripwire intrusion detection, Wireshark packet capture, Juniper IDS, a special patch from Trend Micro, EnCase drive imaging, and all the cool stuff security forensics people love to work and play with.

Check out the story at

IT Skills for 2010

Success in the awakening IT jobs market depends on your skills, your attitude – and the area of expertise you bring to the table. I don’t mean configuring RAID arrays, I mean familiarity with a medical or accounting or legal or you-name-it business domain.

Take a look at this NetworkWorld article, “Outlook 2010 IT skills checklist: The vertical climb” at:

The Executive Summary: Vertical industries, like medicine, are going to be the specific drivers of new IT opportunities. Says Denise Dubie of NetworkWorld, “Some vertical industries in particular will see a huge spike in demand for high-tech workers. For instance, healthcare is expected to see demand for 70,000 new IT positions in the next 12 months, according the the Computing Technology Industry Association.”

Yes, that’s 70,000 new IT jobs.

Other critical areas of IT expertise that you can bring to your vertical industry of choice include security and secure networking; open source proficiency; and familiarity with current “hot topics” like SaaS, virtualization and cloud technologies (execs are always looking for smart advice on IT).

The challenge to you (aside from staying current in this frenzied field) is finding an industry or recognizing that you already have experience in one. From there, it’s easy: just memorize the Encyclopedia Britannica of IT and you’ll have it made.

HP Layoffs in NM? Not a chance.

So, HP is going to lay off 9,000 employees? Doesn’t that sound terrible for New Mexico, given that they’ve just opened a support center here? Well, don’t worry; it’s not as bad as the headlines make it sound.

First, we’re talking about reducing positions through attrition over the next three years, not a massive round of layoffs.

Second, these are almost all data center positions. It’s interesting how data centers are increasingly becoming empty of humans, evoking images of Skynet. But Albuquerque isn’t (so far) big in the data center business, with perhaps the limited exception of BigByte. Put simply, it’s a little hot here to locate large-scale data centers. So we’re not losing these positions, either.

Third, HP simultaneously will create some 6,000 new positions over the same next three years, which means there’s more shuffling than terminating going on.

I predict zero impact in New Mexico from this announcement. Don’t sweat it.